CVE-2018-18440

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-18440
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18440.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-18440
Published
2018-11-20T19:29:00Z
Modified
2024-06-30T13:07:30.316693Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled.

References

Affected packages

Debian:11 / u-boot

Package

Name
u-boot
Purl
pkg:deb/debian/u-boot?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2021.*

2021.01+dfsg-5
2021.04~rc3+dfsg-1
2021.04~rc4+dfsg-1
2021.07~rc4+dfsg-1
2021.07+dfsg-1
2021.07+dfsg-2
2021.10~rc5+dfsg-1
2021.10+dfsg-1

2022.*

2022.01~rc2+dfsg-1
2022.01~rc4+dfsg-1
2022.01+dfsg-1
2022.01+dfsg-2
2022.04~rc2+dfsg-1
2022.04~rc4+dfsg-1
2022.04+dfsg-1
2022.04+dfsg-2
2022.07~rc3+dfsg-1
2022.07~rc3+dfsg-2
2022.07~rc4+dfsg-1
2022.07+dfsg-1
2022.10~rc2+dfsg-1
2022.10~rc2+dfsg-2
2022.10+dfsg-1
2022.10+dfsg-2

2023.*

2023.01~rc2+dfsg-1
2023.01~rc3+dfsg-1
2023.01~rc4+dfsg-1
2023.01~rc4+dfsg-2
2023.01+dfsg-1
2023.01+dfsg-2
2023.04~rc2+dfsg-1
2023.04~rc5+dfsg-1
2023.04+dfsg-1
2023.07~rc4+dfsg-1
2023.07~rc5+dfsg-1
2023.07+dfsg-1

2024.*

2024.01~rc6+dfsg-1
2024.01~rc6+dfsg-2
2024.01+dfsg-1
2024.01+dfsg-2
2024.01+dfsg-3
2024.01+dfsg-4
2024.01+dfsg-5

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / u-boot

Package

Name
u-boot
Purl
pkg:deb/debian/u-boot?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2023.*

2023.01+dfsg-2
2023.01+dfsg-2+deb12u1
2023.04~rc2+dfsg-1
2023.04~rc5+dfsg-1
2023.04+dfsg-1
2023.07~rc4+dfsg-1
2023.07~rc5+dfsg-1
2023.07+dfsg-1

2024.*

2024.01~rc6+dfsg-1
2024.01~rc6+dfsg-2
2024.01+dfsg-1
2024.01+dfsg-2
2024.01+dfsg-3
2024.01+dfsg-4
2024.01+dfsg-5

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / u-boot

Package

Name
u-boot
Purl
pkg:deb/debian/u-boot?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2023.*

2023.01+dfsg-2
2023.04~rc2+dfsg-1
2023.04~rc5+dfsg-1
2023.04+dfsg-1
2023.07~rc4+dfsg-1
2023.07~rc5+dfsg-1
2023.07+dfsg-1

2024.*

2024.01~rc6+dfsg-1
2024.01~rc6+dfsg-2
2024.01+dfsg-1
2024.01+dfsg-2
2024.01+dfsg-3
2024.01+dfsg-4
2024.01+dfsg-5

Ecosystem specific

{
    "urgency": "unimportant"
}