Pengutronix: >> Barebox >> 2011.12.0 Security Vulnerabilities
crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-08-02
common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-08-02
Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check.
CVSS Score
9.1
EPSS Score
0.004
Published
2020-06-07
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy.
CVSS Score
9.8
EPSS Score
0.008
Published
2019-09-05
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy.
CVSS Score
9.8
EPSS Score
0.008
Published
2019-09-05