Improper resource allocation - Buffer overflow in OVMF

Description

[REJECTED CVE] A stack-based buffer overflow vulnerability was identified in EDK-2, in the MakeTable() function found in BaseUefiDecompressLib.c, in TianoCompress.c, and in the UEFI specification. An authenticated attacker could exploit this vulnerability by supplying a crafted file, potentially leading to privilege escalation.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem | Package | Affected version | Patched versions