Description
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy.
References (1)
Core 1
Core References
Scores
CVSS v3
9.8
EPSS
0.0209
EPSS Percentile
79.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (1)
pengutronix/barebox
< 2019.08.1
Published
Sep 05, 2019
Tracked Since
Feb 18, 2026