CVE-2014-4859
- Source
- https://cve.org/CVERecord?id=CVE-2014-4859
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2014-4859.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2014-4859
- Withdrawn
- 2024-06-30T15:59:35.714164Z
- Published
- 2020-01-31T16:15:10Z
- Modified
- 2024-06-04T04:57:28.936410Z
- Severity
-
- 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.
- References
Affected packages
Debian:10 / edk2
Package
- Name
- edk2
- Purl
- pkg:deb/debian/edk2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0~20181115.*
0~20181115.85588389-3
0~20181115.85588389-3+deb10u1
0~20181115.85588389-3+deb10u2
0~20181115.85588389-3+deb10u3
0~20190309.*
0~20190309.89910a39-1
0~20190606.*
0~20190606.20d2e5a1-1
0~20190606.20d2e5a1-2
0~20190606.20d2e5a1-3
0~20190606.20d2e5a1-4
0~20190828.*
0~20190828.37eef910-2
0~20190828.37eef910-3
0~20190828.37eef910-4
0~20191122.*
0~20191122.bd85bf54-1
0~20191122.bd85bf54-2
0~20200229.*
0~20200229.4c0f6e34-1
0.*
0.0~20200229-1
0.0~20200229-2~bpo10+1
0.0~20200229-2
2020.*
2020.05-1
2020.05-2
2020.05-3~bpo+1
2020.05-3
2020.05-4
2020.05-5
2020.08-1
2020.11-1
2020.11-2
2020.11-3
2020.11-4
2020.11-5
2021.*
2021.02-1
2021.05-1
2021.08~rc0-1
2021.08~rc0-2
2021.08-1
2021.08-2
2021.08-3
2021.11~rc1-1
2021.11-1
2021.11-2
2022.*
2022.02~rc1-1
2022.02-1
2022.02-2
2022.02-3
2022.05~rc1-1
2022.05-1
2022.05-2
2022.05-3
2022.05-4
2022.08-1
2022.11-1
2022.11-2
2022.11-3
2022.11-4
2022.11-5
2022.11-6
2023.*
2023.02-1
2023.02-2
2023.05-1
2023.05-2
2023.08-1
2023.11-1
2023.11-2
2023.11-3
2023.11-4
2023.11-5
2023.11-6
2023.11-7
2023.11-8
2024.*
2024.02-1
2024.02-2