CVE-2022-30767

Name
CVE-2022-30767
Description
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://lists.denx.de/pipermail/u-boot/2022-May/483952.html
MISC https://github.com/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96
MISC https://securitylab.github.com/research/uboot-rce-nfs-vulnerability/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:denx:u-boot:*:*:*:*:*:*:*:* u-boot >= None <= 2022.04
cpe:2.3:a:denx:u-boot:2022.07:rc2:*:*:*:*:*:* u-boot == None == 2022.07

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
u-boot edge-main 2022.04-r1 Milan P. Stanić <mps@arvanta.net> possibly vulnerable
u-boot 3.16-main 2022.04-r1 Milan P. Stanić <mps@arvanta.net> possibly vulnerable
u-boot 3.15-main 2021.10-r5 Milan P. Stanić <mps@arvanta.net> possibly vulnerable
u-boot 3.14-main 2021.04-r0 Milan P. Stanić <mps@arvanta.net> possibly vulnerable