Bug 1641465 (CVE-2017-5735)
| Summary: | CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | berrange, kraxel, lersek, pbonzini, philmd, virt-maint |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | [REJECTED CVE] A heap-based buffer overflow issue was identified in EDK2 in the Decode() function of BaseUefiDecompressLib.c, TianoCompress.c and UEFI Specification. The issue arises from improper handling of data, which could allow an authenticated attacker to exploit it by supplying a crafted file. This could lead to privilege escalation. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2019-08-06 13:20:18 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1641467, 1641468, 1641469, 1666586 | | |
| Bug Blocks: | 1641438 | | |
Description

Sam Fowler 2018-10-22 06:21:34 UTC

Created edk2 tracking bugs for this issue:

Affects: epel-all [bug 1641468]
Affects: fedora-all [bug 1641467]

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7
Via RHSA-2019:2125 https://access.redhat.com/errata/RHSA-2019:2125

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2017-5735