CVE-2022-36763
Heap Buffer Overflow in Tcg2MeasureGptTable
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
EDK2 es susceptible a una vulnerabilidad en la función Tcg2MeasureGptTable(), lo que permite a un usuario desencadenar un desbordamiento de búfer de almacenamiento dinámico a través de una red local. La explotación exitosa de esta vulnerabilidad puede resultar en un compromiso de confidencialidad, integridad y/o disponibilidad.
A heap buffer overflow flaw was found via the Tcg2MeasureGptTable() function in EDK2, arising from inadequate validation of the GPT Primary Header, presenting a minor risk to confidentiality and integrity. The primary consequence is likely a crash or denial of service. This issue may allow a local attacker to craft a GPT table, causing an integer overflow and consequent buffer overflow.
Marc Beatove discovered buffer overflows exit in EDK2. An attacker on the local network could potentially use this to impact availability or possibly cause remote code execution. It was discovered that a buffer overflows exists in EDK2's Network Package An attacker on the local network could potentially use these to impact availability or possibly cause remote code execution.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2022-07-25 CVE Reserved
- 2024-01-09 CVE Published
- 2025-06-03 CVE Updated
- 2025-07-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-122: Heap-based Buffer Overflow
- CWE-680: Integer Overflow to Buffer Overflow
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ |
|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr | 2024-03-13 | |
https://access.redhat.com/security/cve/CVE-2022-36763 | 2024-05-22 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2257582 | 2024-05-22 |