Vulnerabilities > CVE-2020-8432 - Double Free vulnerability in multiple products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

denx

opensuse

CWE-415

critical

NVD

Published: 2020-01-29

Updated: 2023-11-07

Summary

In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.

Vulnerable Configurations

Part	Description	Count
Application	Denx Denx U Boot - Denx U Boot 0.2.0 Denx U Boot 0.2.3 Denx U Boot 0.3.0 Denx U Boot 0.3.1 Denx U Boot 0.4.0 Denx U Boot 0.4.1 Denx U Boot 0.4.2 Denx U Boot 0.4.3 Denx U Boot 0.4.4 Denx U Boot 0.4.5 Denx U Boot 0.4.6 Denx U Boot 0.4.7 Denx U Boot 0.4.8 Denx U Boot 1.0.0 Denx U Boot 1.0.1 Denx U Boot 1.0.2 Denx U Boot 1.1.0 Denx U Boot 1.1.1 Denx U Boot 1.1.2 Denx U Boot 1.1.3 Denx U Boot 1.1.4 Denx U Boot 1.1.5 Denx U Boot 1.1.6 Denx U Boot 1.2.0 Denx U Boot 1.3.0 Denx U Boot 1.3.1 Denx U Boot 1.3.3 Denx U Boot 1.3.4 Denx U Boot 2008.10 Denx U Boot 2009.01 Denx U Boot 2009.03 Denx U Boot 2009.06 Denx U Boot 2009.08 Denx U Boot 2009.11 Denx U Boot 2009.11.1 Denx U Boot 2010.03 Denx U Boot 2010.06 Denx U Boot 2010.09 Denx U Boot 2010.12 Denx U Boot 2011.03 Denx U Boot 2011.04.01 Denx U Boot 2011.06 Denx U Boot 2011.09 Denx U Boot 2011.12 Denx U Boot 2012.04 Denx U Boot 2012.04.01 Denx U Boot 2012.07 Denx U Boot 2012.10 Denx U Boot 2013.01 Denx U Boot 2013.01.01 Denx U Boot 2013.04 Denx U Boot 2013.07 Denx U Boot 2013.10 Denx U Boot 2014.01 Denx U Boot 2014.04 Denx U Boot 2014.07 Denx U Boot 2014.10 Denx U Boot 2015.01 Denx U Boot 2015.04 Denx U Boot 2015.07 Denx U Boot 2015.10 Denx U Boot 2016.01 Denx U Boot 2016.03 Denx U Boot 2016.05 Denx U Boot 2016.07 Denx U Boot 2016.09 Denx U Boot 2016.09.01 Denx U Boot 2016.11 Denx U Boot 2017.01 Denx U Boot 2017.03 Denx U Boot 2017.05 Denx U Boot 2017.07 Denx U Boot 2017.09 Denx U Boot 2017.11 Denx U Boot 2018.01 Denx U Boot 2018.03 Denx U Boot 2018.05 Denx U Boot 2018.07 Denx U Boot 2018.09 Denx U Boot 2018.11 Denx U Boot 2019.01 Denx U Boot 2019.04 Denx U Boot 2019.07 Denx U Boot 2019.10 Denx U Boot 2020.01	298
OS	Opensuse Opensuse Leap 15.2	1

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References