Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Pengutronix Subscribe
Filtered by product Barebox
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-37848 1 Pengutronix 1 Barebox 2022-07-12 5.0 MEDIUM 7.5 HIGH
common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison.
CVE-2021-37847 1 Pengutronix 1 Barebox 2021-09-21 5.0 MEDIUM 7.5 HIGH
crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification.
CVE-2019-15937 1 Pengutronix 1 Barebox 2020-08-24 7.5 HIGH 9.8 CRITICAL
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy.
CVE-2019-15938 1 Pengutronix 1 Barebox 2020-08-24 7.5 HIGH 9.8 CRITICAL
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy.
CVE-2020-13910 1 Pengutronix 1 Barebox 2020-06-10 6.4 MEDIUM 9.1 CRITICAL
Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check.