CVE-2018-18439

2018-11-2019:29:00

Google

osv.dev

7.1 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.3%

JSON

DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.

CPENameOperatorVersion
u-booteq2012.04
u-booteqLABEL_2003_09_18_2045
u-booteq2016.09-rc2
u-booteq1.3.0-rc3
u-booteqLABEL_2003_10_14_2140
u-booteq2018.07-rc3
u-booteq2011.03-rc2
u-booteqU-Boot-1_0_1
u-booteq2009.01
u-booteq2009.11-rc1

Name	Operator	Version
u-boot	eq	2012.04
u-boot	eq	LABEL_2003_09_18_2045
u-boot	eq	2016.09-rc2
u-boot	eq	1.3.0-rc3
u-boot	eq	LABEL_2003_10_14_2140
u-boot	eq	2018.07-rc3
u-boot	eq	2011.03-rc2
u-boot	eq	U-Boot-1_0_1
u-boot	eq	2009.01
u-boot	eq	2009.11-rc1