Filtered by vendor Pengutronix
Subscriptions
Filtered by product Barebox
Subscriptions
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-57262 | 1 Pengutronix | 1 Barebox | 2025-07-13 | 7.1 High |
| In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite, a related issue to CVE-2024-57256. | ||||
| CVE-2024-57261 | 1 Pengutronix | 1 Barebox | 2025-07-12 | 7.1 High |
| In barebox before 2025.01.0, request2size in common/dlmalloc.c has an integer overflow, a related issue to CVE-2024-57258. | ||||
| CVE-2021-37848 | 1 Pengutronix | 1 Barebox | 2024-11-21 | 7.5 High |
| common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison. | ||||
| CVE-2021-37847 | 1 Pengutronix | 1 Barebox | 2024-11-21 | 7.5 High |
| crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification. | ||||
| CVE-2020-13910 | 1 Pengutronix | 1 Barebox | 2024-11-21 | 9.1 Critical |
| Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check. | ||||
| CVE-2019-15938 | 1 Pengutronix | 1 Barebox | 2024-11-21 | N/A |
| Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy. | ||||
| CVE-2019-15937 | 1 Pengutronix | 1 Barebox | 2024-11-21 | N/A |
| Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy. | ||||
Page 1 of 1.