Shodan
Vulnerabilities
Vulnerable Software
Denx:  >> U-Boot  >> 0.2.3  Security Vulnerabilities
CVE-2024-57254
An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-02-18
CVE-2024-57255
An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-02-18
CVE-2024-57256
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-02-18
CVE-2024-57257
A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.
CVSS Score
2.0
EPSS Score
0.0
Published
2025-02-18
CVE-2024-57258
Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-02-18
CVE-2024-57259
sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-02-18
CVE-2022-34835
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-06-30
CVE-2022-30767
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-05-16
CVE-2021-27097
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-02-17
CVE-2021-27138
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-02-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved