CVE-2024-42040

EPSS 0.1%
Veröffentlicht 23.08.2024 15:15:16
Zuletzt bearbeitet 03.04.2026 17:17:08
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on the later use of DHCP-provided parameters via crafted DHCP responses.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Denx ≫ U-boot Version <= 2025.10

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.265

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.8	5.2	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://github.com/u-boot/u-boot/tags

Release Notes

https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2024-004.txt

Third Party Advisory

Mitigation

http://seclists.org/fulldisclosure/2024/Aug/38

Third Party Advisory

Mailing List

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2024-42040

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-42040

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-42040

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-42040