CVE-2019-13105

Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Denx ≫ U-boot Version2019.07 Updaterc1

Denx ≫ U-boot Version2019.07 Updaterc2

Denx ≫ U-boot Version2019.07 Updaterc3

Denx ≫ U-boot Version2019.07 Updaterc4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.26%	0.463

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Patch

Third Party Advisory

Third Party Advisory

Patch

Vendor Advisory

Mailing List

CVE Source (NVD)

CVE Source (JSON)

EUVD