Vulnerabilities > CVE-2019-14192 - Integer Underflow (Wrap or Wraparound) vulnerability in Denx U-Boot

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

denx

CWE-191

critical

NVD

Published: 2019-07-31

Updated: 2020-08-24

Summary

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.

Vulnerable Configurations

Part	Description	Count
Application	Denx Denx U Boot - Denx U Boot 0.2.0 Denx U Boot 0.2.3 Denx U Boot 0.3.0 Denx U Boot 0.3.1 Denx U Boot 0.4.0 Denx U Boot 0.4.1 Denx U Boot 0.4.2 Denx U Boot 0.4.3 Denx U Boot 0.4.4 Denx U Boot 0.4.5 Denx U Boot 0.4.6 Denx U Boot 0.4.7 Denx U Boot 0.4.8 Denx U Boot 1.0.0 Denx U Boot 1.0.1 Denx U Boot 1.0.2 Denx U Boot 1.1.0 Denx U Boot 1.1.1 Denx U Boot 1.1.2 Denx U Boot 1.1.3 Denx U Boot 1.1.4 Denx U Boot 1.1.5 Denx U Boot 1.1.6 Denx U Boot 1.2.0 Denx U Boot 1.3.0 Denx U Boot 1.3.1 Denx U Boot 1.3.3 Denx U Boot 1.3.4 Denx U Boot 2008.10 Denx U Boot 2009.01 Denx U Boot 2009.03 Denx U Boot 2009.06 Denx U Boot 2009.08 Denx U Boot 2009.11 Denx U Boot 2009.11.1 Denx U Boot 2010.03 Denx U Boot 2010.06 Denx U Boot 2010.09 Denx U Boot 2010.12 Denx U Boot 2011.03 Denx U Boot 2011.04.01 Denx U Boot 2011.06 Denx U Boot 2011.09 Denx U Boot 2011.12 Denx U Boot 2012.04 Denx U Boot 2012.04.01 Denx U Boot 2012.07 Denx U Boot 2012.10 Denx U Boot 2013.01 Denx U Boot 2013.01.01 Denx U Boot 2013.04 Denx U Boot 2013.07 Denx U Boot 2013.10 Denx U Boot 2014.01 Denx U Boot 2014.04 Denx U Boot 2014.07 Denx U Boot 2014.10 Denx U Boot 2015.01 Denx U Boot 2015.04 Denx U Boot 2015.07 Denx U Boot 2015.10 Denx U Boot 2016.01 Denx U Boot 2016.03 Denx U Boot 2016.05 Denx U Boot 2016.07 Denx U Boot 2016.09 Denx U Boot 2016.09.01 Denx U Boot 2016.11 Denx U Boot 2017.01 Denx U Boot 2017.03 Denx U Boot 2017.05 Denx U Boot 2017.07 Denx U Boot 2017.09 Denx U Boot 2017.11 Denx U Boot 2018.01 Denx U Boot 2018.03 Denx U Boot 2018.05 Denx U Boot 2018.07 Denx U Boot 2018.09 Denx U Boot 2018.11 Denx U Boot 2019.01 Denx U Boot 2019.04 Denx U Boot 2019.07	287

Common Weakness Enumeration (CWE)

CWE-191 - Integer Underflow (Wrap or Wraparound)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References