CVE-2025-4002
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-4002
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4002.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-4002
- Published
- 2025-04-28T05:15:18Z
- Modified
- 2025-04-29T14:49:14.229846Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The patch is identified as d2143a1e2deefddd9b105fb7160763c4f8d47ea2. It is recommended to apply a patch to fix this issue.
- References
-
- https://github.com/RefindPlusRepo/RefindPlus/commit/d2143a1e2deefddd9b105fb7160763c4f8d47ea2
- https://github.com/RefindPlusRepo/RefindPlus/issues/204
- https://github.com/RefindPlusRepo/RefindPlus/issues/204#issuecomment-2696817643
- https://vuldb.com/?ctiid.306338
- https://vuldb.com/?id.306338
- https://vuldb.com/?submit.558122
Affected packages
Git / github.com/refindplusrepo/refindplus
Affected ranges
- Type
- GIT
- Repo
- https://github.com/refindplusrepo/refindplus
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.12.0.AA
v0.12.0.AB
v0.12.0.AN
v0.12.0.AQ
v0.12.0.C
v0.12.0.D
v0.12.0.E
v0.12.0.F
v0.12.0.G
v0.12.0.H
v0.12.0.J
v0.12.0.K
v0.12.0.L
v0.12.0.M
v0.13.1.AA
v0.13.1.AB
v0.13.2.AA
v0.13.2.AB
v0.13.2.AC
v0.13.2.AD
v0.13.2.AE
v0.13.2.AF
v0.13.2.AG
v0.13.2.AH
v0.13.2.AJ
v0.13.2.AK
v0.13.2.AL
v0.13.2.AM
v0.13.2.AN
v0.13.2.AP
v0.13.3.AA
v0.13.3.AB
v0.13.3.AC
v0.13.3.AD
v0.14.0.AA
v0.14.0.AB
v0.14.0.AC
v0.14.1.AA
v0.14.2.AA
v0.14.2.AB