CVE-2024-42040

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-42040
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42040.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-42040
Published
2024-08-23T15:15:16Z
Modified
2024-09-18T03:26:32.801434Z
Summary
[none]
Details

Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on the later use of DHCP-provided parameters via crafted DHCP responses.

References

Affected packages

Debian:11 / u-boot

Package

Name
u-boot
Purl
pkg:deb/debian/u-boot?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2021.*

2021.01+dfsg-5
2021.04~rc3+dfsg-1
2021.04~rc4+dfsg-1
2021.07~rc4+dfsg-1
2021.07+dfsg-1
2021.07+dfsg-2
2021.10~rc5+dfsg-1
2021.10+dfsg-1

2022.*

2022.01~rc2+dfsg-1
2022.01~rc4+dfsg-1
2022.01+dfsg-1
2022.01+dfsg-2
2022.04~rc2+dfsg-1
2022.04~rc4+dfsg-1
2022.04+dfsg-1
2022.04+dfsg-2
2022.07~rc3+dfsg-1
2022.07~rc3+dfsg-2
2022.07~rc4+dfsg-1
2022.07+dfsg-1
2022.10~rc2+dfsg-1
2022.10~rc2+dfsg-2
2022.10+dfsg-1
2022.10+dfsg-2

2023.*

2023.01~rc2+dfsg-1
2023.01~rc3+dfsg-1
2023.01~rc4+dfsg-1
2023.01~rc4+dfsg-2
2023.01+dfsg-1
2023.01+dfsg-2
2023.04~rc2+dfsg-1
2023.04~rc5+dfsg-1
2023.04+dfsg-1
2023.07~rc4+dfsg-1
2023.07~rc5+dfsg-1
2023.07+dfsg-1

2024.*

2024.01~rc6+dfsg-1
2024.01~rc6+dfsg-2
2024.01+dfsg-1
2024.01+dfsg-2
2024.01+dfsg-3
2024.01+dfsg-4
2024.01+dfsg-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / u-boot

Package

Name
u-boot
Purl
pkg:deb/debian/u-boot?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2023.*

2023.01+dfsg-2
2023.01+dfsg-2+deb12u1
2023.04~rc2+dfsg-1
2023.04~rc5+dfsg-1
2023.04+dfsg-1
2023.07~rc4+dfsg-1
2023.07~rc5+dfsg-1
2023.07+dfsg-1

2024.*

2024.01~rc6+dfsg-1
2024.01~rc6+dfsg-2
2024.01+dfsg-1
2024.01+dfsg-2
2024.01+dfsg-3
2024.01+dfsg-4
2024.01+dfsg-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / u-boot

Package

Name
u-boot
Purl
pkg:deb/debian/u-boot?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2023.*

2023.01+dfsg-2
2023.04~rc2+dfsg-1
2023.04~rc5+dfsg-1
2023.04+dfsg-1
2023.07~rc4+dfsg-1
2023.07~rc5+dfsg-1
2023.07+dfsg-1

2024.*

2024.01~rc6+dfsg-1
2024.01~rc6+dfsg-2
2024.01+dfsg-1
2024.01+dfsg-2
2024.01+dfsg-3
2024.01+dfsg-4
2024.01+dfsg-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}