CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-57262
https://notcve.org/view.php?id=CVE-2024-57262
19 Feb 2025 — In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite, a related issue to CVE-2024-57256. • https://git.pengutronix.de/cgit/barebox/commit/?id=a2b76550f7d8 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-57261
https://notcve.org/view.php?id=CVE-2024-57261
19 Feb 2025 — In barebox before 2025.01.0, request2size in common/dlmalloc.c has an integer overflow, a related issue to CVE-2024-57258. • https://git.pengutronix.de/cgit/barebox/commit/?id=7cf25e0733f08f68d1bf0ca0c3cf6e2dfe51bd3c • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-37848
https://notcve.org/view.php?id=CVE-2021-37848
02 Aug 2021 — common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison. Un archivo common/password.c en Pengutronix barebox versiones hasta 2021.07.0 filtra información de tiempo porque strncmp es usado durante la comparación del hash • https://gist.github.com/gquere/816dfadbad98745090034100a8a651eb • CWE-203: Observable Discrepancy •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-37847
https://notcve.org/view.php?id=CVE-2021-37847
02 Aug 2021 — crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification. Un archivo crypto/digest.c en Pengutronix barebox versiones hasta 2021.07.0 tiene un filtrado de información de tiempo porque memcmp es usado durante la verificación del resumen • https://gist.github.com/gquere/816dfadbad98745090034100a8a651eb •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13910
https://notcve.org/view.php?id=CVE-2020-13910
07 Jun 2020 — Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check. Pengutronix Barebox versiones hasta v2020.05.0, presenta una lectura fuera de límites en la función nfs_read_reply en el archivo net/nfs.c porque un campo de un paquete de red entrante es usado directamente como un campo de longitud sin ninguna verificación de límites • https://git.pengutronix.de/cgit/barebox/commit/net/nfs.c?h=next&id=c0f0cbd1759a6ca6cbda4001dff5764f6633c825 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15937
https://notcve.org/view.php?id=CVE-2019-15937
05 Sep 2019 — Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy. Pengutronix barebox hasta 2019.08.1 tiene un desbordamiento de búfer remoto en nfs_readlink_reply en net/nfs.c porque un campo de longitud se usa directamente un memcpy. • https://git.pengutronix.de/cgit/barebox/commit/net/nfs.c?h=next&id=84986ca024462058574432b5483f4bf9136c538d • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15938
https://notcve.org/view.php?id=CVE-2019-15938
05 Sep 2019 — Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy. Pengutronix barebox hasta 2019.08.1 tiene un desbordamiento de búfer remoto ennfs_readlink_req en fs/nfs.c porque un campo de longitud se usa directamente para un memcpy. • https://git.pengutronix.de/cgit/barebox/commit/fs/nfs.c?h=next&id=574ce994016107ad8ab0f845a785f28d7eaa5208 • CWE-787: Out-of-bounds Write •