Your submission was sent successfully! Close

CVE-2022-30767

Published: 16 May 2022

nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.

Notes

AuthorNote
sbeattie 
introduced in 5d14ee4e53a81055d34ba280cb8fd90330f22a96
upstream
Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
u-boot
Launchpad, Ubuntu, Debian 		bionic Needed

focal Needed

impish Ignored
(reached end-of-life)
jammy Needed

upstream Needed

xenial Needed

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading