CVE-2018-1000205

2018-06-2616:29:00

Google

osv.dev

0.001 Low

EPSS

Percentile

31.6%

JSON

U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality.

CPENameOperatorVersion
u-booteq2012.04
u-booteqLABEL_2003_09_18_2045
u-booteq2016.09-rc2
u-booteq1.3.0-rc3
u-booteqLABEL_2003_10_14_2140
u-booteq2018.07-rc3
u-booteq2011.03-rc2
u-booteqU-Boot-1_0_1
u-booteq2009.01
u-booteq2009.11-rc1

Name	Operator	Version
u-boot	eq	2012.04
u-boot	eq	LABEL_2003_09_18_2045
u-boot	eq	2016.09-rc2
u-boot	eq	1.3.0-rc3
u-boot	eq	LABEL_2003_10_14_2140
u-boot	eq	2018.07-rc3
u-boot	eq	2011.03-rc2
u-boot	eq	U-Boot-1_0_1
u-boot	eq	2009.01
u-boot	eq	2009.11-rc1