CVE-2021-38575 – edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe

https://notcve.org/view.php?id=CVE-2021-38575

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. NetworkPkg/IScsiDxe presenta unos desbordamientos de búfer explotables de forma remota A flaw was found in edk2. Missing checks in the IScsiHexToBin function in NetworkPkg/IScsiDxe lead to a buffer overflow allowing a remote attacker, who can inject himself in the communication between edk2 and the iSCSI target, to write arbitrary data to any address in the edk2 firmware and potentially execute code. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugzilla.tianocore.org/show_bug.cgi?id=3356 https://www.insyde.com/security-pledge/SA-2023025 https://access.redhat.com/security/cve/CVE-2021-38575 https://bugzilla.redhat.com/show_bug.cgi?id=1956284 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-124: Buffer Underwrite ('Buffer Underflow') •