CVE-2022-33967

Source
https://cve.org/CVERecord?id=CVE-2022-33967
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-33967.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-33967
Downstream
Related
Published
2022-07-20T06:15:22Z
Modified
2026-07-08T06:01:18.957234978Z
Summary
[none]
Details

squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "versions from v2020.10-rc2 to v2022.07-rc5"
                },
                {
                    "last_affected": "versions from v2020.10-rc2 to v2022.07-rc5"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/33xxx/CVE-2022-33967.json",
    "cna_assigner": "jpcert"
}
References

Affected packages

Git / github.com/u-boot/u-boot

Affected ranges

Type
GIT
Repo
https://github.com/u-boot/u-boot
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": [
        "cpe:2.3:a:denx:u-boot:2020.10:rc2:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2020.10:rc3:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2020.10:rc4:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2020.10:rc5:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2021.01:-:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2021.01:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2021.01:rc2:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2021.01:rc3:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2021.01:rc4:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2021.01:rc5:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2021.04:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2021.04:rc2:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2022.01:-:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2022.01:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2022.01:rc2:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2022.01:rc3:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2022.01:rc4:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2022.04:-:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2022.04:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2022.04:rc2:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2022.04:rc3:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2022.04:rc4:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2022.04:rc5:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2022.07:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2022.07:rc2:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2022.07:rc3:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2022.07:rc4:*:*:*:*:*:*",
        "cpe:2.3:a:denx:u-boot:2022.07:rc5:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "2020.10-rc2"
        },
        {
            "last_affected": "2020.10-rc2"
        },
        {
            "introduced": "2020.10-rc3"
        },
        {
            "last_affected": "2020.10-rc3"
        },
        {
            "introduced": "2020.10-rc4"
        },
        {
            "last_affected": "2020.10-rc4"
        },
        {
            "introduced": "2020.10-rc5"
        },
        {
            "last_affected": "2020.10-rc5"
        },
        {
            "introduced": "2021.01-NA"
        },
        {
            "last_affected": "2021.01-NA"
        },
        {
            "introduced": "2021.01-rc1"
        },
        {
            "last_affected": "2021.01-rc1"
        },
        {
            "introduced": "2021.01-rc2"
        },
        {
            "last_affected": "2021.01-rc2"
        },
        {
            "introduced": "2021.01-rc3"
        },
        {
            "last_affected": "2021.01-rc3"
        },
        {
            "introduced": "2021.01-rc4"
        },
        {
            "last_affected": "2021.01-rc4"
        },
        {
            "introduced": "2021.01-rc5"
        },
        {
            "last_affected": "2021.01-rc5"
        },
        {
            "introduced": "2021.04-rc1"
        },
        {
            "last_affected": "2021.04-rc1"
        },
        {
            "introduced": "2021.04-rc2"
        },
        {
            "last_affected": "2021.04-rc2"
        },
        {
            "introduced": "2022.01-NA"
        },
        {
            "last_affected": "2022.01-NA"
        },
        {
            "introduced": "2022.01-rc1"
        },
        {
            "last_affected": "2022.01-rc1"
        },
        {
            "introduced": "2022.01-rc2"
        },
        {
            "last_affected": "2022.01-rc2"
        },
        {
            "introduced": "2022.01-rc3"
        },
        {
            "last_affected": "2022.01-rc3"
        },
        {
            "introduced": "2022.01-rc4"
        },
        {
            "last_affected": "2022.01-rc4"
        },
        {
            "introduced": "2022.04-NA"
        },
        {
            "last_affected": "2022.04-NA"
        },
        {
            "introduced": "2022.04-rc1"
        },
        {
            "last_affected": "2022.04-rc1"
        },
        {
            "introduced": "2022.04-rc2"
        },
        {
            "last_affected": "2022.04-rc2"
        },
        {
            "introduced": "2022.04-rc3"
        },
        {
            "last_affected": "2022.04-rc3"
        },
        {
            "introduced": "2022.04-rc4"
        },
        {
            "last_affected": "2022.04-rc4"
        },
        {
            "introduced": "2022.04-rc5"
        },
        {
            "last_affected": "2022.04-rc5"
        },
        {
            "introduced": "2022.07-rc1"
        },
        {
            "last_affected": "2022.07-rc1"
        },
        {
            "introduced": "2022.07-rc2"
        },
        {
            "last_affected": "2022.07-rc2"
        },
        {
            "introduced": "2022.07-rc3"
        },
        {
            "last_affected": "2022.07-rc3"
        },
        {
            "introduced": "2022.07-rc4"
        },
        {
            "last_affected": "2022.07-rc4"
        },
        {
            "introduced": "2022.07-rc5"
        },
        {
            "last_affected": "2022.07-rc5"
        }
    ]
}

Affected versions

2020.*
2020.10-rc2
2020.10-rc3
2020.10-rc4
2020.10-rc5
2021.*
2021.01-NA
2021.01-rc1
2021.01-rc2
2021.01-rc3
2021.01-rc4
2021.01-rc5
2021.04-rc1
2021.04-rc2
2022.*
2022.01-NA
2022.01-rc1
2022.01-rc2
2022.01-rc3
2022.01-rc4
2022.04-NA
2022.04-rc1
2022.04-rc2
2022.04-rc3
2022.04-rc4
2022.04-rc5
2022.07-rc1
2022.07-rc2
2022.07-rc3
2022.07-rc4
2022.07-rc5
v2020.*
v2020.10
v2020.10-rc2
v2020.10-rc3
v2020.10-rc4
v2020.10-rc5
v2021.*
v2021.01
v2021.01-rc1
v2021.01-rc2
v2021.01-rc3
v2021.01-rc4
v2021.01-rc5
v2021.04
v2021.04-rc1
v2021.04-rc2
v2021.04-rc3
v2021.04-rc4
v2021.04-rc5
v2021.07
v2021.07-rc1
v2021.07-rc2
v2021.07-rc3
v2021.07-rc4
v2021.07-rc5
v2021.10
v2021.10-rc1
v2021.10-rc2
v2021.10-rc3
v2021.10-rc4
v2021.10-rc5
v2022.*
v2022.01
v2022.01-rc1
v2022.01-rc2
v2022.01-rc3
v2022.01-rc4
v2022.04
v2022.04-rc1
v2022.04-rc2
v2022.04-rc3
v2022.04-rc4
v2022.04-rc5
v2022.07-rc1
v2022.07-rc2
v2022.07-rc3
v2022.07-rc4
v2022.07-rc5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-33967.json"