4.6
CVE-2024-38797
- EPSS 0.15%
- Veröffentlicht 07.04.2025 17:18:01
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle infosec@edk2.groups.io
- CVE-Watchlists
- Unerledigt
Out-of-bounds Read in HashPeImageByType()
EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerTianoCore
≫
Produkt
EDK2
Default Statusunaffected
Version <=
edk2-stable202408
Version
0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.352 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| infosec@edk2.groups.io | 4.6 | 2.1 | 2.5 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.