ALT-PU-2019-1581-1

BDU:2019-01290

HIGH7.2

Уязвимость библиотеки Tianocore edk2, вызванная недостаточной проверкой вводимых пользователем данных, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании

Published: 2019-04-04Modified: 2021-03-23

CVSS 3.xHIGH 7.2

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:P

References

CVE-2018-12178

BDU:2019-01291

HIGH8.3

Уязвимость службы BlockIo библиотеки Tianocore edk2, позволяющая нарушителю повысить свои привилегии, раскрыть защищаемую информацию или вызвать отказ в обслуживании

Published: 2019-04-04Modified: 2021-03-23

CVSS 3.xHIGH 8.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

References

CVE-2018-12180

CVE-2018-12178

CRITICAL9.1

Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.

Published: 2019-03-27Modified: 2024-11-21

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS 3.xCRITICAL 9.1

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

References

CVE-2018-12180

HIGH8.8

Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.

Published: 2019-03-27Modified: 2024-11-21

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2018-12181

MEDIUM6.0

Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.

Published: 2019-03-27Modified: 2024-11-21

CVSS 2.0LOW 3.6

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS 3.xMEDIUM 6.0

CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

References

CVE-2018-3630

NONE

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none

Published: 2019-10-28Modified: 2023-11-07

Package update edk2 in branch sisyphus

Closed issues (6)

Уязвимость службы BlockIo библиотеки Tianocore edk2, позволяющая нарушителю повысить свои привилегии, раскрыть защищаемую информацию или вызвать отказ в обслуживании

Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.

Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.

Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none