漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Unchecked Download size in Uboot
Vulnerability Description
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
堆缓冲区溢出
Vulnerability Title
DENX Software Engineering Das U-Boot 缓冲区错误漏洞
Vulnerability Description
DENX Software Engineering Das U-Boot是德国DENX Software Engineering公司的一个通用引导加载程序。 DENX Software Engineering Das U-Boot 存在安全漏洞,该漏洞源于USB DFU 中未选中的下载大小和方向,攻击者利用该漏洞可以写入超出堆分配的请求缓冲区。
CVSS Information
N/A
Vulnerability Type
N/A