CVE-2019-13104 - Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

CVSS 6.8 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: MEDIUM
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: PARTIAL
  • Availability impact: PARTIAL

Tags: network, denx, opensuse, CWE-191, nessus

Summary

In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-2233.NASL
    description: This update for u-boot fixes the following issues: Security issues fixed: - CVE-2019-13106: Fixed stack-based buffer overflow via a crafted ext4 filesystem that may lead to code execution (bsc#1144656). - CVE-2019-13104: Fixed an underflow that could cause memcpy() to overwrite a very large amount of data via a crafted ext4 filesystem (bsc#1144675). This update was imported from the SUSE:SLE-15-SP1:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129523
    published: 2019-10-02
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129523
    title: openSUSE Security Update : u-boot (openSUSE-2019-2233)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2475-1.NASL
    description: This update for u-boot fixes the following issues: Security issues fixed: CVE-2019-13106: Fixed stack-based buffer overflow via a crafted ext4 filesystem that may lead to code execution (bsc#1144656). CVE-2019-13104: Fixed an underflow that could cause memcpy() to overwrite a very large amount of data via a crafted ext4 filesystem (bsc#1144675). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129403
    published: 2019-09-27
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129403
    title: SUSE SLED15 / SLES15 Security Update : u-boot (SUSE-SU-2019:2475-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2474-1.NASL
    description: This update for u-boot fixes the following issues: Security issues fixed: CVE-2019-13106: Fixed stack-based buffer overflow via a crafted ext4 filesystem that may lead to code execution (bsc#1144656). CVE-2019-13104: Fixed an underflow that could cause memcpy() to overwrite a very large amount of data via a crafted ext4 filesystem (bsc#1144675). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129402
    published: 2019-09-27
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129402
    title: SUSE SLED15 / SLES15 Security Update : u-boot (SUSE-SU-2019:2474-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-2235.NASL
    description: This update for u-boot fixes the following issues: Security issues fixed: - CVE-2019-13106: Fixed stack-based buffer overflow via a crafted ext4 filesystem that may lead to code execution (bsc#1144656). - CVE-2019-13104: Fixed an underflow that could cause memcpy() to overwrite a very large amount of data via a crafted ext4 filesystem (bsc#1144675). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129525
    published: 2019-10-02
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129525
    title: openSUSE Security Update : u-boot (openSUSE-2019-2235)