CVE-2024-38797

EPSS 0.02%
Published 07.04.2025 17:18:01
Last modified 08.04.2025 18:14:17
Source infosec@edk2.groups.io
Teams watchlist Login
Open Login

EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorTianoCore

≫

Product EDK2

Default Statusunaffected

Version <= edk2-stable202408

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.044

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
infosec@edk2.groups.io	4.6	2.1	2.5	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf

https://nvd.nist.gov/vuln/detail/CVE-2024-38797

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38797

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38797

EUVD