Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2021-37848

Disclosure Date: August 02, 2021 (last updated February 23, 2025)
common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-37847

Disclosure Date: August 02, 2021 (last updated November 28, 2024)
crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-13910

Disclosure Date: June 07, 2020 (last updated February 21, 2025)
Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-15937

Disclosure Date: September 05, 2019 (last updated November 27, 2024)
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy.
0
0
Attacker Value
Unknown

CVE-2019-15938

Disclosure Date: September 05, 2019 (last updated November 27, 2024)
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy.
0
0