Free Trial

CVE-2022-34835 : DAS U-BOOT UP TO 2022.07-RC5 I2C MD COMMAND DO_I2C_MD STACK-BASED OVERFLOW

Description

In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the “i2c md” command enables the corruption of the return address pointer of the do_i2c_md function.

References

https://github.com/u-boot/u-boot/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409

https://lists.denx.de/pipermail/u-boot/2022-June/486113.html

https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409

For More Information

MITRE

Common Vulnerabilityies and Exposures

CVE-2022-34835 : DAS U-BOOT UP TO 2022.07-RC5 I2C MD COMMAND DO_I2C_MD STACK-BASED OVERFLOW
CVE-2022-34835 : DAS U-BOOT UP TO 2022.07-RC5 I2C MD COMMAND DO_I2C_MD STACK-BASED OVERFLOW

Contact us to get started

CVE-2024-49820 : IBM SECURITY GUARDIUM KEY LIFECYCLE MANAGER 4.1/4.1.1/4.2.0/4.2.1 CLEARTEXT TRANSMISSION

CVE-2024-49820 : IBM SECURITY GUARDIUM KEY LIFECYCLE MANAGER 4.1/4.1.1/4.2.0/4.2.1 CLEARTEXT TRANSMISSION

Description IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive

Learn more
CVE-2024-53144 : LINUX KERNEL UP TO 6.1.112/6.6.54/6.10.13/6.11.2 HCI_EVENT PRIVILEGE ESCALATION

CVE-2024-53144 : LINUX KERNEL UP TO 6.1.112/6.6.54/6.10.13/6.11.2 HCI_EVENT PRIVILEGE ESCALATION

Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This

Learn more
CVE-2024-50379 : APACHE TOMCAT UP TO 9.0.97/10.1.33/11.0.1 JSP COMPILATION TOCTOU

CVE-2024-50379 : APACHE TOMCAT UP TO 9.0.97/10.1.33/11.0.1 JSP COMPILATION TOCTOU

Description Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file

Learn more