u-boot is vulnerable to Denial Of Service (DoS). The vulnerability exists because the U-Boot DFU implementation does not bind the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command, allowing an attacker to write beyond the heap-allocated request buffer through the maliciously crafted USB DFU download setup packet with a wLength
greater than 4096 bytes
CPE | Name | Operator | Version |
---|---|---|---|
u-boot:sid | eq | 2020.10+dfsg-1+b1 | |
u-boot:sid | eq | 2020.10+dfsg-1+b1 |