Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Barebox
(Pengutronix)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 5 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-08-02 | CVE-2021-37848 | common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison. | Barebox | 7.5 | ||
| 2021-08-02 | CVE-2021-37847 | crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification. | Barebox | 7.5 | ||
| 2020-06-07 | CVE-2020-13910 | Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check. | Barebox | N/A | ||
| 2019-09-05 | CVE-2019-15938 | Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy. | Barebox | 9.8 | ||
| 2019-09-05 | CVE-2019-15937 | Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy. | Barebox | 9.8 |