CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 Jan 2024 — EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. • https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-122: Heap-based Buffer Overflow; CWE-680: Integer Overflow to Buffer Overflow

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 Jan 2024 — EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. • https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-122: Heap-based Buffer Overflow; CWE-680: Integer Overflow to Buffer Overflow

CVSS: 10.0 | EPSS: 0% | CPEs: 7 | EXPL: 0

03 Mar 2022 — Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. A flaw was found in edk2. An integer underflow in the SmmEntryPoint function leads to a write into the SMM region allowing a local attacker with administration privileges on the system to execute code within the SMM privileged context. The highest threat from this vulnerability is to data conf... • https://bugzilla.tianocore.org/show_bug.cgi?id=3387 • CWE-124: Buffer Underwrite ('Buffer Underflow'); CWE-787: Out-of-bounds Write

CVSS: 8.1 | EPSS: 0% | CPEs: 7 | EXPL: 1

21 Sep 2021 — NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. A flaw was found in edk2. Missing checks in the IScsiHexToBin function in NetworkPkg/IScsiDxe lead to a buffer overflow allowing a remote attacker, who can inject himself in the communication between edk2 and the iSCSI target, to write arbitrary data to any address in the edk2 firmware and potentially execute code. The highest threat from this vulnerability is... • https://bugzilla.tianocore.org/show_bug.cgi?id=3356 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-124: Buffer Underwrite ('Buffer Underflow')

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

21 Apr 2021 — An unlimited recursion in DxeCore in EDK II. A flaw was found in edk2. An unlimited recursion in DxeCore may allow an attacker to corrupt the system memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. It was discovered that EDK II did not check the buffer length in XHCI, which could lead to a stack overflow. • https://bugzilla.tianocore.org/show_bug.cgi?id=1743 • CWE-674: Uncontrolled Recursion

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Jan 2021 — Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. Laszlo Ersek discovered that EDK II incorrectly validated certain signed images. An attacker could possibly use this issue with a specially crafted image to cause EDK II to hang, resulting in a denial of se... • https://bugzilla.redhat.com/show_bug.cgi?id=1889486 • CWE-476: NULL Pointer Dereference

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

06 Feb 2020 — Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name. • http://sourceforge.net/p/edk2/code/16280 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

06 Aug 2019 — Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access. It was discovered that EDK II was not properly performing bounds checks in Tianocompress, which could lead to a buffer overflow. An authenticat... • https://bugzilla.tianocore.org/show_bug.cgi?id=686 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-287: Improper Authentication