Fluid Attacks Database

Description

[REJECTED CVE] A vulnerability exists in EDK-2 within BaseUefiDecompressLib.c (MdePkg/Library/BaseUefiDecompressLib). An authenticated attacker could exploit this vulnerability by supplying a crafted file, potentially leading to privilege escalation.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel7	OVMF	<0:20180508-6.gitee3198e672e2.el7	0:20180508-6.gitee3198e672e2.el7

Aliases

1. CVE-2017-57322. NVD-2017-57323. OSV-2017-5732

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.