5.9
CVE-2024-38796
- EPSS 0.05%
- Published 27.09.2024 22:15:13
- Last modified 06.12.2024 14:15:20
- Source infosec@edk2.groups.io
- Teams watchlist Login
- Open Login
EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorTianoCore
≫
Product
EDK2
Default Statusunaffected
Version <=
edk2-stable202405
Version
0
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.05% | 0.166 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
infosec@edk2.groups.io | 5.9 | 1.2 | 4.7 |
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
|
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().