CVE-2020-13910

2020-06-0719:36:33

mitre

www.cve.org

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

60.7%

JSON

Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check.

References

git.pengutronix.de/cgit/barebox/commit/net/nfs.c?h=next&id=c0f0cbd1759a6ca6cbda4001dff5764f6633c825