Fwd: [scr1564375] your CVE ID requests
sploitem
sploitem at gmail.com
Tue Dec 26 06:07:20 CET 2023
---------- Forwarded message ---------
От: <cve-request at mitre.org>
Date: вт, 19 дек. 2023 г. в 20:39
Subject: Re: [scr1564375] your CVE ID requests
To: <sploitem at gmail.com>
Cc: <cve-request at mitre.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> [Suggested description]
> Integer underflow in ipv6 net component when processing incoming packets.
udp->udp_len is not verified before substruction leading to large number in
len parameter (unsigned int). This can lead to DoS or code execution.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Integer Overflow
>
> ------------------------------------------
>
> [Vendor of Product]
> U-Boot
>
> ------------------------------------------
>
> [Affected Product Code Base]
> U-boot - <= v2024.01-rc3
>
> ------------------------------------------
>
> [Affected Component]
> u-boot/net/net6.c
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Crafted ipv6 udp packet.
>
> ------------------------------------------
>
> [Reference]
> https://github.com/u-boot/u-boot/blob/master/net/net6.c#L442C18-L442C18
>
> ------------------------------------------
>
> [Discoverer]
> sploitem
This request did not receive a CVE ID assignment as CVEs are not assigned
to Release Candidate (rc) versions of products.
- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
https://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJlgdSnAAoJENiPHH3233OGtbYQAKDjsoR/MIuN6txsUarIqDx9
KzoNx5MR0Ze+HIyZ3vBV1+eUJcnHfStLDaIMRNGR7497+A474X54vn8OVRTqgh+W
CPQiTqx2PpJTYikxBAUrbh6uzwFHlb+iv7Dt2mqyZ4Eg+sX8X507YfyyIsWr6Npw
VYiXSt53Sy9hQDski7H+Nl3keO3km5G29MdavcvNiAwH0g/a9f+NtRvQvi68X+n7
4nWRa2bzH3zChvOVJ0TRvua9ptwU+svM4wjL9vloEMO8sDO3CyFIoiGhyhseERcT
Zv/NpPdqpqlKwRcvY6vW/GMGU6pVhwpIer9jrX4yolviN1d92/J9sIfJXchl5yNh
fUnX0NYlBbBKH1Hy/ttOXuOBPeNgFv1VpryJvjyOxmTIpOZUhm1iiehzEGA2pFdO
FUHAKmfrugVTr8Gp3HL/tQ3MN08nB64LHkowD+j0+XGN1EEIurWSnwRwdXmEn26Y
MSkGbXzT0GiibnkhwpdRxcZW4p33NC+idNBZtb4K8TIcdUdh2P4ZzeyTMYmxMKgp
WVHxxKvLEom+E17SAb996Wesia4+gRo+2wK4cXCtnEn7nqz59y1mqBf1uALeTDLG
D2/9N3nqGYZEu8WeMjSNYPmUvLMHKvffj9Z81+dBSq/IngZMYuXr6m+UGTce66N1
jmb+4NApCJi3mhF4dUK6
=T698
-----END PGP SIGNATURE-----
More information about the U-Boot
mailing list