Known Vulnerabilities for products from Denx

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Denx".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2024-42040 json Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any... Not Provided 2024-08-23 2026-04-03
CVE-2022-34835 json In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" comm... 9.8 - CRITICAL 2022-06-30 2023-08-29
CVE-2022-33967 json squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow... 7.8 - HIGH 2022-07-20 2022-08-02
CVE-2022-33103 json Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). 7.8 - HIGH 2022-07-01 2023-11-07
CVE-2022-30790 json Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552. 7.8 - HIGH 2022-06-08 2022-06-16
CVE-2022-30767 json nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed l... 9.8 - CRITICAL 2022-05-16 2023-11-07
CVE-2022-30552 json Das U-Boot 2022.01 has a Buffer Overflow. 5.5 - MEDIUM 2022-06-08 2022-06-16
CVE-2022-2347 json There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU dow... 7.1 - HIGH 2022-09-23 2022-09-29
CVE-2021-27138 json The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT. 7.8 - HIGH 2021-02-17 2021-02-24
CVE-2021-27097 json The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT. 7.8 - HIGH 2021-02-17 2021-02-23
CVE-2020-10648 json Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by pr... 7.8 - HIGH 2020-03-19 2021-03-26
CVE-2020-8432 json In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing m... 9.8 - CRITICAL 2020-01-29 2023-11-07
CVE-2019-14204 json An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helpe... 9.8 - CRITICAL 2019-07-31 2020-08-24
CVE-2019-14203 json An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helpe... 9.8 - CRITICAL 2019-07-31 2020-08-24
CVE-2019-14202 json An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helpe... 9.8 - CRITICAL 2019-07-31 2020-08-24
CVE-2019-14201 json An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helpe... 9.8 - CRITICAL 2019-07-31 2020-08-24
CVE-2019-14200 json An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helpe... 9.8 - CRITICAL 2019-07-31 2020-08-24
CVE-2019-14199 json An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_pr... 9.8 - CRITICAL 2019-07-31 2019-08-02
CVE-2019-14198 json An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_re... 9.8 - CRITICAL 2019-07-31 2020-08-24
CVE-2019-14197 json An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply. 9.1 - CRITICAL 2019-07-31 2019-08-02

Known software with vulnerabilities from Denx

Type Vendor Product Version
ApplicationDenxU-boot-