Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RAUC: Improper Signing of Plain Bundles Exceeding 2 GiB
Vulnerability Description
RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a legitimate signature, an attacker can modify the part of the payload which is not covered by the signature. This issue has been patched in version 1.15.2.
CVSS Information
N/A
Vulnerability Type
无符号至有符号转换错误
Vulnerability Title
rauc 数据伪造问题漏洞
Vulnerability Description
rauc是RAUC开源的一个嵌入式Linux系统的安全更新控制器。 RAUC 1.15.2之前版本存在数据伪造问题漏洞,该漏洞源于使用明文格式且有效载荷大小超过2 GiB的RAUC捆绑包会导致整数溢出,可能导致签名仅覆盖有效载荷的前几个字节,允许攻击者修改签名未覆盖的部分。
CVSS Information
N/A
Vulnerability Type
N/A