CVE-2024-57255

CVE-2024-57255

Name

CVE-2024-57255

Description

An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://source.denx.de/u-boot/u-boot/-/commit/233945eba63e24061dffeeaeb7cd6fe985278356
cve@mitre.org	https://www.openwall.com/lists/oss-security/2025/02/17/2

Type

URI

cve@mitre.org

https://source.denx.de/u-boot/u-boot/-/commit/233945eba63e24061dffeeaeb7cd6fe985278356

cve@mitre.org

https://www.openwall.com/lists/oss-security/2025/02/17/2

CPE URI	Source package	Min version	Max version
	u-boot	>= 0	< 2025.01-rc1

CPE URI

Source package

Min version

Max version

u-boot

>= 0

< 2025.01-rc1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
u-boot	edge-main	2024.10-r2	Milan P. Stanić <mps@arvanta.net>	possibly vulnerable
u-boot	edge-main	2024.10-r3	Milan P. Stanić <mps@arvanta.net>	possibly vulnerable
u-boot	edge-main	2025.01-r0	Milan P. Stanić <mps@arvanta.net>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

u-boot

edge-main

2024.10-r2

Milan P. Stanić <mps@arvanta.net>

possibly vulnerable

u-boot

edge-main