Fluid Attacks Database

Description

[REJECTED CVE] A heap-based buffer overflow vulnerability exists in EDK II within the MakeTable() function of BaseUefiDecompressLib.c, TianoCompress.c, and the UEFI specification. An authenticated attacker could exploit this flaw by supplying a crafted file, potentially leading to privilege escalation.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel7	OVMF	<0:20180508-6.gitee3198e672e2.el7	0:20180508-6.gitee3198e672e2.el7

Aliases

1. CVE-2017-57332. NVD-2017-57333. OSV-2017-5733

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.