cve 2019 14199

CVE-2019-14199 is a security vulnerability in Das U-Boot, an open-source boot loader used in embedded systems. The flaw is an integer underflow in the network handling code that processes UDP packets. A maliciously crafted UDP packet can trigger an unbounded memcpy, leading to remote memory corruption and potential code execution in the pre-boot environment. The issue arises from a signed/unsigned arithmetic mistake in the path that handles incoming UDP payloads, causing an underflow that produces a huge size value passed to memcpy. This vulnerability affects U-Boot through version 2019.07 and is relevant for systems using this boot loader in network-boot scenarios.