CVE-2017-7936

EPSS 0.16%
Published 07.08.2017 08:29:00
Last modified 20.04.2025 01:37:25
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in security enabled configuration, SDP could be used to download a small section of code to an unprotected region of memory.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Nxp ≫ Vybrid Mvf30nn151cku26 Firmware Version-

Nxp ≫ Vybrid Mvf30nn151cku26 Version-

Nxp ≫ Vybrid Mvf30ns151cku26 Firmware Version-

Nxp ≫ Vybrid Mvf30ns151cku26 Version-

Nxp ≫ Vybrid Mvf50nn151cmk40 Firmware Version-

Nxp ≫ Vybrid Mvf50nn151cmk40 Version-

Nxp ≫ Vybrid Mvf50nn151cmk50 Firmware Version-

Nxp ≫ Vybrid Mvf50nn151cmk50 Version-

Nxp ≫ Vybrid Mvf50ns151cmk40 Firmware Version-

Nxp ≫ Vybrid Mvf50ns151cmk40 Version-

Nxp ≫ Vybrid Mvf50ns151cmk50 Firmware Version-

Nxp ≫ Vybrid Mvf50ns151cmk50 Version-

Nxp ≫ Vybrid Mvf51nn151cmk50 Firmware Version-

Nxp ≫ Vybrid Mvf51nn151cmk50 Version-

Nxp ≫ Vybrid Mvf51ns151cmk50 Firmware Version-

Nxp ≫ Vybrid Mvf51ns151cmk50 Version-

Nxp ≫ Vybrid Mvf60nn151cmk40 Firmware Version-

Nxp ≫ Vybrid Mvf60nn151cmk40 Version-

Nxp ≫ Vybrid Mvf60ns151cmk40 Firmware Version-

Nxp ≫ Vybrid Mvf60ns151cmk40 Version-

Nxp ≫ Vybrid Mvf60nn151cmk50 Firmware Version-

Nxp ≫ Vybrid Mvf60nn151cmk50 Version-

Nxp ≫ Vybrid Mvf60ns151cmk50 Firmware Version-

Nxp ≫ Vybrid Mvf60ns151cmk50 Version-

Nxp ≫ Vybrid Mvf61nn151cmk50 Firmware Version-

Nxp ≫ Vybrid Mvf61nn151cmk50 Version-

Nxp ≫ Vybrid Mvf61ns151cmk50 Firmware Version-

Nxp ≫ Vybrid Mvf61ns151cmk50 Version-

Nxp ≫ Vybrid Mvf62nn151cmk40 Firmware Version-

Nxp ≫ Vybrid Mvf62nn151cmk40 Version-

Nxp ≫ I.Mx 50 Firmware Version-

Nxp ≫ I.Mx 50 Version-

Nxp ≫ I.Mx 53 Firmware Version-

Nxp ≫ I.Mx 53 Version-

Nxp ≫ I.Mx 6ull Firmware Version-

Nxp ≫ I.Mx 6ull Version-

Nxp ≫ I.Mx 6ultralite Firmware Version-

Nxp ≫ I.Mx 6ultralite Version-

Nxp ≫ I.Mx 6sololite Firmware Version-

Nxp ≫ I.Mx 6sololite Version-

Nxp ≫ I.Mx 6solo Firmware Version-

Nxp ≫ I.Mx 6solo Version-

Nxp ≫ I.Mx 6duallite Firmware Version-

Nxp ≫ I.Mx 6duallite Version-

Nxp ≫ I.Mx 6solox Firmware Version-

Nxp ≫ I.Mx 6solox Version-

Nxp ≫ I.Mx 6dual Firmware Version-

Nxp ≫ I.Mx 6dual Version-

Nxp ≫ I.Mx 6quad Firmware Version-

Nxp ≫ I.Mx 6quad Version-

Nxp ≫ I.Mx 6quadplus Firmware Version-

Nxp ≫ I.Mx 6quadplus Version-

Nxp ≫ I.Mx 6dualplus Firmware Version-

Nxp ≫ I.Mx 6dualplus Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.374

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.3	0.4	5.9	CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

http://www.securityfocus.com/bid/99966

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02

Third Party Advisory

US Government Resource

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-7936

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-7936

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-7936

EUVD