Vulnerability Details CVE-2021-37847
crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://gist.github.com/gquere/816dfadbad98745090034100a8a651eb
- https://github.com/saschahauer/barebox/commit/0a9f9a7410681e55362f8311537ebc7be9ad0fbe
- https://gist.github.com/gquere/816dfadbad98745090034100a8a651eb
- https://github.com/saschahauer/barebox/commit/0a9f9a7410681e55362f8311537ebc7be9ad0fbe
Products affected by CVE-2021-37847
-
cpe:2.3:a:pengutronix:barebox:2010.02.0
-
cpe:2.3:a:pengutronix:barebox:2010.03.0
-
cpe:2.3:a:pengutronix:barebox:2010.04.0
-
cpe:2.3:a:pengutronix:barebox:2010.05.0
-
cpe:2.3:a:pengutronix:barebox:2010.06.0
-
cpe:2.3:a:pengutronix:barebox:2010.07.0
-
cpe:2.3:a:pengutronix:barebox:2010.08.0
-
cpe:2.3:a:pengutronix:barebox:2010.09.0
-
cpe:2.3:a:pengutronix:barebox:2010.10.0
-
cpe:2.3:a:pengutronix:barebox:2010.11.0
-
cpe:2.3:a:pengutronix:barebox:2010.12.0
-
cpe:2.3:a:pengutronix:barebox:2011.01.0
-
cpe:2.3:a:pengutronix:barebox:2011.02.0
-
cpe:2.3:a:pengutronix:barebox:2011.03.0
-
cpe:2.3:a:pengutronix:barebox:2011.04.0
-
cpe:2.3:a:pengutronix:barebox:2011.05.0
-
cpe:2.3:a:pengutronix:barebox:2011.06.0
-
cpe:2.3:a:pengutronix:barebox:2011.07.0
-
cpe:2.3:a:pengutronix:barebox:2011.08.0
-
cpe:2.3:a:pengutronix:barebox:2011.09.0
-
cpe:2.3:a:pengutronix:barebox:2011.10.0
-
cpe:2.3:a:pengutronix:barebox:2011.11.0
-
cpe:2.3:a:pengutronix:barebox:2011.12.0
-
cpe:2.3:a:pengutronix:barebox:2012.02.0
-
cpe:2.3:a:pengutronix:barebox:2012.03.0
-
cpe:2.3:a:pengutronix:barebox:2012.04.0
-
cpe:2.3:a:pengutronix:barebox:2012.05.0
-
cpe:2.3:a:pengutronix:barebox:2012.06.0
-
cpe:2.3:a:pengutronix:barebox:2012.07.0
-
cpe:2.3:a:pengutronix:barebox:2012.08.0
-
cpe:2.3:a:pengutronix:barebox:2012.09.0
-
cpe:2.3:a:pengutronix:barebox:2012.10.0
-
cpe:2.3:a:pengutronix:barebox:2012.11.0
-
cpe:2.3:a:pengutronix:barebox:2012.12.0
-
cpe:2.3:a:pengutronix:barebox:2012.12.1
-
cpe:2.3:a:pengutronix:barebox:2013.01.0
-
cpe:2.3:a:pengutronix:barebox:2013.02.0
-
cpe:2.3:a:pengutronix:barebox:2013.03.0
-
cpe:2.3:a:pengutronix:barebox:2013.04.0
-
cpe:2.3:a:pengutronix:barebox:2013.05.0
-
cpe:2.3:a:pengutronix:barebox:2013.05.1
-
cpe:2.3:a:pengutronix:barebox:2013.06.0
-
cpe:2.3:a:pengutronix:barebox:2013.06.1
-
cpe:2.3:a:pengutronix:barebox:2013.07.0
-
cpe:2.3:a:pengutronix:barebox:2013.08.0
-
cpe:2.3:a:pengutronix:barebox:2013.08.1
-
cpe:2.3:a:pengutronix:barebox:2013.09.0
-
cpe:2.3:a:pengutronix:barebox:2013.10.0
-
cpe:2.3:a:pengutronix:barebox:2013.10.1
-
cpe:2.3:a:pengutronix:barebox:2013.11.0
-
cpe:2.3:a:pengutronix:barebox:2013.12.0
-
cpe:2.3:a:pengutronix:barebox:2014.01.0
-
cpe:2.3:a:pengutronix:barebox:2014.02.0
-
cpe:2.3:a:pengutronix:barebox:2014.03.0
-
cpe:2.3:a:pengutronix:barebox:2014.04.0
-
cpe:2.3:a:pengutronix:barebox:2014.05.0
-
cpe:2.3:a:pengutronix:barebox:2014.06.0
-
cpe:2.3:a:pengutronix:barebox:2014.07.0
-
cpe:2.3:a:pengutronix:barebox:2014.08.0
-
cpe:2.3:a:pengutronix:barebox:2014.09.0
-
cpe:2.3:a:pengutronix:barebox:2014.10.0
-
cpe:2.3:a:pengutronix:barebox:2014.11.0
-
cpe:2.3:a:pengutronix:barebox:2014.12.0
-
cpe:2.3:a:pengutronix:barebox:2015.01.0
-
cpe:2.3:a:pengutronix:barebox:2015.02.0
-
cpe:2.3:a:pengutronix:barebox:2015.03.0
-
cpe:2.3:a:pengutronix:barebox:2015.04.0
-
cpe:2.3:a:pengutronix:barebox:2015.05.0
-
cpe:2.3:a:pengutronix:barebox:2015.06.0
-
cpe:2.3:a:pengutronix:barebox:2015.07.0
-
cpe:2.3:a:pengutronix:barebox:2015.08.0
-
cpe:2.3:a:pengutronix:barebox:2015.09.0
-
cpe:2.3:a:pengutronix:barebox:2015.10.0
-
cpe:2.3:a:pengutronix:barebox:2015.11.0
-
cpe:2.3:a:pengutronix:barebox:2015.12.0
-
cpe:2.3:a:pengutronix:barebox:2016.01.0
-
cpe:2.3:a:pengutronix:barebox:2016.02.0
-
cpe:2.3:a:pengutronix:barebox:2016.03.0
-
cpe:2.3:a:pengutronix:barebox:2016.04.0
-
cpe:2.3:a:pengutronix:barebox:2016.05.0
-
cpe:2.3:a:pengutronix:barebox:2016.06.0
-
cpe:2.3:a:pengutronix:barebox:2016.07.0
-
cpe:2.3:a:pengutronix:barebox:2016.08.0
-
cpe:2.3:a:pengutronix:barebox:2016.09.0
-
cpe:2.3:a:pengutronix:barebox:2016.10.0
-
cpe:2.3:a:pengutronix:barebox:2016.11.0
-
cpe:2.3:a:pengutronix:barebox:2017.01.0
-
cpe:2.3:a:pengutronix:barebox:2017.02.0
-
cpe:2.3:a:pengutronix:barebox:2017.03.0
-
cpe:2.3:a:pengutronix:barebox:2017.04.0
-
cpe:2.3:a:pengutronix:barebox:2017.05.0
-
cpe:2.3:a:pengutronix:barebox:2017.05.1
-
cpe:2.3:a:pengutronix:barebox:2017.05.2
-
cpe:2.3:a:pengutronix:barebox:2017.05.3
-
cpe:2.3:a:pengutronix:barebox:2017.05.4
-
cpe:2.3:a:pengutronix:barebox:2017.06.0
-
cpe:2.3:a:pengutronix:barebox:2017.06.1
-
cpe:2.3:a:pengutronix:barebox:2017.06.2
-
cpe:2.3:a:pengutronix:barebox:2017.07.0
-
cpe:2.3:a:pengutronix:barebox:2017.07.1
-
cpe:2.3:a:pengutronix:barebox:2017.08.0
-
cpe:2.3:a:pengutronix:barebox:2017.09.0
-
cpe:2.3:a:pengutronix:barebox:2017.10.0
-
cpe:2.3:a:pengutronix:barebox:2017.11.0
-
cpe:2.3:a:pengutronix:barebox:2017.12.0
-
cpe:2.3:a:pengutronix:barebox:2018.01.0
-
cpe:2.3:a:pengutronix:barebox:2018.02.0
-
cpe:2.3:a:pengutronix:barebox:2018.03.0
-
cpe:2.3:a:pengutronix:barebox:2018.04.0
-
cpe:2.3:a:pengutronix:barebox:2018.05.0
-
cpe:2.3:a:pengutronix:barebox:2018.06.0
-
cpe:2.3:a:pengutronix:barebox:2018.07.0
-
cpe:2.3:a:pengutronix:barebox:2018.07.1
-
cpe:2.3:a:pengutronix:barebox:2018.07.2
-
cpe:2.3:a:pengutronix:barebox:2018.08.0
-
cpe:2.3:a:pengutronix:barebox:2018.09.0
-
cpe:2.3:a:pengutronix:barebox:2018.10.0
-
cpe:2.3:a:pengutronix:barebox:2018.11.0
-
cpe:2.3:a:pengutronix:barebox:2018.12.0
-
cpe:2.3:a:pengutronix:barebox:2018.8.1
-
cpe:2.3:a:pengutronix:barebox:2019.01.0
-
cpe:2.3:a:pengutronix:barebox:2019.02.0
-
cpe:2.3:a:pengutronix:barebox:2019.03.0
-
cpe:2.3:a:pengutronix:barebox:2019.04.0
-
cpe:2.3:a:pengutronix:barebox:2019.05.0
-
cpe:2.3:a:pengutronix:barebox:2019.06.0
-
cpe:2.3:a:pengutronix:barebox:2019.06.1
-
cpe:2.3:a:pengutronix:barebox:2019.07.0
-
cpe:2.3:a:pengutronix:barebox:2019.08.0
-
cpe:2.3:a:pengutronix:barebox:2019.08.1
-
cpe:2.3:a:pengutronix:barebox:2020.05.0
-
cpe:2.3:a:pengutronix:barebox:2021.07.0