CVE-2022-33103

Name
CVE-2022-33103
Description
Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://lore.kernel.org/all/20220609140206.297405-1-miquel.raynal@bootlin.com/
MISC https://lore.kernel.org/all/CALO=DHFB+yBoXxVr5KcsK0iFdg+e7ywko4-e+72kjbcS8JBfPw@mail.gmail.com/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:denx:u-boot:2022.07:rc2:*:*:*:*:*:* u-boot == None == 2022.07
cpe:2.3:a:denx:u-boot:*:*:*:*:*:*:*:* u-boot >= 2020.10 < 2022.07

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
u-boot 3.16-main 2022.04-r1 Milan P. Stanić <mps@arvanta.net> possibly vulnerable
u-boot 3.15-main 2021.10-r5 Milan P. Stanić <mps@arvanta.net> possibly vulnerable
u-boot 3.14-main 2021.04-r0 Milan P. Stanić <mps@arvanta.net> possibly vulnerable