CVE-2026-24795

Source
https://cve.org/CVERecord?id=CVE-2026-24795
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24795.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-24795
Published
2026-01-27T09:15:49.233Z
Modified
2026-04-10T05:44:28.024632Z
Severity
  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Amber CVSS Calculator
Summary
[none]
Details

Out-of-bounds Write vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulnerability is associated with program files regcomp.C.

This issue affects CloverBootloader: before 5162.

References

Affected packages

Git / github.com/CloverHackyColor/CloverBootloader

Affected ranges

Type
GIT
Repo
https://github.com/CloverHackyColor/CloverBootloader
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5162"
        }
    ]
}

Affected versions

Other
5071
5078
5081
5084
5089
5091
5094
5095
5096
5097
5098
5099
5100
5103
5104
5105
5106
5107
5108
5109
5110
5111
5112
5113
5114
5115
5116
5117
5118
5119
5120
5121
5122
5123
5124
5125
5126
5127
5128
5129
5130
5131
5132
5133
5134
5135
5136
5137
5139
5140
5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151
5152
5153
5155
5156
5157
5158
5159
5160
5161

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24795.json"