CVE-2022-30767

Name
CVE-2022-30767
Description
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://lists.denx.de/pipermail/u-boot/2022-May/483952.html
MISC https://github.com/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96
MISC https://securitylab.github.com/research/uboot-rce-nfs-vulnerability/
Patch https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
Patch https://source.denx.de/u-boot/u-boot/-/commit/bdbf7a05e26f3c5fd437c99e2755ffde186ddc80
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:denx:u-boot:*:*:*:*:*:*:*:* u-boot >= None <= 2022.04
cpe:2.3:a:denx:u-boot:2022.07:rc2:*:*:*:*:*:* u-boot == None == 2022.07

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
u-boot 3.16-main 2022.04-r1 Milan P. Stanić <mps@arvanta.net> possibly vulnerable
u-boot 3.15-main 2021.10-r5 Milan P. Stanić <mps@arvanta.net> possibly vulnerable
u-boot 3.14-main 2021.04-r0 Milan P. Stanić <mps@arvanta.net> possibly vulnerable