squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.
CPE | Name | Operator | Version |
---|---|---|---|
u-boot | eq | 2021.4 rc1 | |
u-boot | eq | 2022.7 rc2 | |
u-boot | eq | 2022.7 rc1 | |
u-boot | eq | 2022.01 | |
u-boot | eq | 2022.7 rc3 | |
u-boot | eq | 2022.7 rc4 | |
u-boot | eq | 2022.7 rc5 | |
u-boot | eq | 2020.10 rc2 | |
u-boot | eq | 2020.10 rc3 | |
u-boot | eq | 2021.01 |