Vulnerabilities > CVE-2021-37847 - Unspecified vulnerability in Pengutronix Barebox

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
pengutronix

Summary

crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification.

Vulnerable Configurations

Part Description Count
Application
Pengutronix
132