uboot

A critical stack-based buffer overflow in Das U-Boot’s NFS reply parsing — tracked as CVE-2019-14200 — exposes a long-standing attack surface for devices that use network boot or NFS-mounted filesystems during early boot, allowing malformed NFS replies to corrupt memory and, in the worst case...

An unbounded memcpy in U-Boot’s NFS reply handler left a wide swath of embedded and development hardware exposed to remote memory corruption and — in many realistic configurations — remote code execution during network boot operations, a defect formally tracked as CVE-2019-14198. (nvd.nist.gov)...

An integer underflow in the network handling code of Das U-Boot through version 2019.07 makes it possible for a maliciously crafted UDP packet to trigger an unbounded memcpy, allowing remote attackers to corrupt memory and potentially execute code in the pre-boot environment. The flaw, tracked...

An overlooked parsing bug in Das U-Boot’s NFS reply handling — tracked as CVE-2019-14195 — allows an attacker who can control the NFS responses seen by a device to trigger an unbounded memcpy and corrupt U-Boot’s stack or heap, creating a realistic pathway to code execution during early boot...

Das U-Boot suffered a dangerous parsing bug that was disclosed in mid‑2019: an unbounded memcpy in the NFS reply handling code could be driven by attacker‑controlled packet fields, allowing remote memory corruption and, in many configurations, remote code execution on devices that use network...

Das U‑Boot ships with a dangerous surprise in its NFS reply handling: a stack‑based buffer overflow in the nfs_mount_reply helper (tracked as CVE‑2019‑14203) that affects U‑Boot releases up through and including 2019.07 and — in certain configurations — permits remote attackers controlling a...

Das U-Boot shipped a high‑severity network‑facing vulnerability—tracked as CVE‑2019‑14202—that left embedded devices and boot‑time network stacks open to a stack‑based buffer overflow in the NFS reply parsing code, and the flaw demanded immediate attention from device vendors, integrators, and...

The U‑Boot bootloader contains a critical NFS parsing bug that was assigned CVE‑2019‑14193: an unbounded memcpy in the nfs_readlink_reply handler that uses an attacker‑controlled length without validation, allowing remotely supplied NFS responses to trigger memory corruption and, in the worst...

Das U‑Boot contained a network‑exposed memory‑safety flaw — CVE‑2019‑14197 — that allowed an attacker controlling or impersonating an NFS server to trigger an out‑of‑bounds read inside the NFS reply parser (nfs_read_reply), with real potential to leak sensitive memory and, in certain...

Das U-Boot's DHCP code contains a subtle but dangerous buffer overread that has been tracked as CVE-2024-42040: an attacker on the local or adjacent network can feed crafted DHCP responses that cause net/bootp.c to copy memory beyond the received packet, leaking between 4 and 32 bytes of host...