CVE-2017-3226

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-3226
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-3226.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-3226
Published
2018-07-24T15:29:00Z
Modified
2024-06-30T13:00:23.827946Z
Severity
  • 6.4 (Medium) CVSS_V3 - CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIGENVAES=y) read environment variables from disk as the encrypted disk image is processed. An attacker with physical access to the device can manipulate the encrypted environment data to include a crafted two-byte sequence which triggers an error in environment variable parsing. This error condition is improperly handled by Das U-Boot, resulting in an immediate process termination with a debugging message.

References

Affected packages

Debian:11 / u-boot

Package

Name
u-boot
Purl
pkg:deb/debian/u-boot?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2021.*

2021.01+dfsg-5
2021.04~rc3+dfsg-1
2021.04~rc4+dfsg-1
2021.07~rc4+dfsg-1
2021.07+dfsg-1
2021.07+dfsg-2
2021.10~rc5+dfsg-1
2021.10+dfsg-1

2022.*

2022.01~rc2+dfsg-1
2022.01~rc4+dfsg-1
2022.01+dfsg-1
2022.01+dfsg-2
2022.04~rc2+dfsg-1
2022.04~rc4+dfsg-1
2022.04+dfsg-1
2022.04+dfsg-2
2022.07~rc3+dfsg-1
2022.07~rc3+dfsg-2
2022.07~rc4+dfsg-1
2022.07+dfsg-1
2022.10~rc2+dfsg-1
2022.10~rc2+dfsg-2
2022.10+dfsg-1
2022.10+dfsg-2

2023.*

2023.01~rc2+dfsg-1
2023.01~rc3+dfsg-1
2023.01~rc4+dfsg-1
2023.01~rc4+dfsg-2
2023.01+dfsg-1
2023.01+dfsg-2
2023.04~rc2+dfsg-1
2023.04~rc5+dfsg-1
2023.04+dfsg-1
2023.07~rc4+dfsg-1
2023.07~rc5+dfsg-1
2023.07+dfsg-1

2024.*

2024.01~rc6+dfsg-1
2024.01~rc6+dfsg-2
2024.01+dfsg-1
2024.01+dfsg-2
2024.01+dfsg-3
2024.01+dfsg-4
2024.01+dfsg-5

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / u-boot

Package

Name
u-boot
Purl
pkg:deb/debian/u-boot?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2023.*

2023.01+dfsg-2
2023.01+dfsg-2+deb12u1
2023.04~rc2+dfsg-1
2023.04~rc5+dfsg-1
2023.04+dfsg-1
2023.07~rc4+dfsg-1
2023.07~rc5+dfsg-1
2023.07+dfsg-1

2024.*

2024.01~rc6+dfsg-1
2024.01~rc6+dfsg-2
2024.01+dfsg-1
2024.01+dfsg-2
2024.01+dfsg-3
2024.01+dfsg-4
2024.01+dfsg-5

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / u-boot

Package

Name
u-boot
Purl
pkg:deb/debian/u-boot?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2023.*

2023.01+dfsg-2
2023.04~rc2+dfsg-1
2023.04~rc5+dfsg-1
2023.04+dfsg-1
2023.07~rc4+dfsg-1
2023.07~rc5+dfsg-1
2023.07+dfsg-1

2024.*

2024.01~rc6+dfsg-1
2024.01~rc6+dfsg-2
2024.01+dfsg-1
2024.01+dfsg-2
2024.01+dfsg-3
2024.01+dfsg-4
2024.01+dfsg-5

Ecosystem specific

{
    "urgency": "unimportant"
}