1. CVE-Search
  2. CVE-2019-13104
ID CVE-2019-13104
Summary In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.
References
Vulnerable Configurations
  • cpe:2.3:a:denx:u-boot:2019.07:-:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2019.07:-:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2019.07:rc1:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2019.07:rc1:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2019.07:rc2:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2019.07:rc2:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2019.07:rc3:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2019.07:rc3:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2016.09:*:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2016.09:*:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2016.09:-:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2016.09:-:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2016.09:rc1:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2016.09:rc1:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2016.09:rc2:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2016.09:rc2:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2016.09.01:*:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2016.09.01:*:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2016.11:*:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2016.11:*:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2016.11:-:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2016.11:-:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2016.11:rc1:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2016.11:rc1:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2016.11:rc2:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2016.11:rc2:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2016.11:rc3:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2016.11:rc3:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.01:*:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.01:*:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.01:-:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.01:-:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.01:rc1:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.01:rc1:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.01:rc2:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.01:rc2:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.01:rc3:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.01:rc3:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.03:*:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.03:*:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.03:-:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.03:-:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.03:rc1:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.03:rc1:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.03:rc2:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.03:rc2:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.03:rc3:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.03:rc3:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.05:*:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.05:*:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.05:-:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.05:-:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.05:rc1:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.05:rc1:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.05:rc2:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.05:rc2:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.05:rc3:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.05:rc3:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.07:*:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.07:*:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.07:-:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.07:-:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.07:rc1:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.07:rc1:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.07:rc2:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.07:rc2:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.07:rc3:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.07:rc3:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.09:*:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.09:*:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.09:-:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.09:-:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.09:rc1:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.09:rc1:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.09:rc2:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.09:rc2:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.09:rc3:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.09:rc3:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.09:rc4:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.09:rc4:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.11:*:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.11:*:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.11:-:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.11:-:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.11:rc1:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.11:rc1:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.11:rc2:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.11:rc2:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.11:rc3:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.11:rc3:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2017.11:rc4:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2017.11:rc4:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.01:*:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.01:*:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.01:-:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.01:-:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.01:rc1:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.01:rc1:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.01:rc2:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.01:rc2:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.01:rc3:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.01:rc3:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.03:*:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.03:*:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.03:-:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.03:-:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.03:rc1:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.03:rc1:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.03:rc2:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.03:rc2:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.03:rc3:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.03:rc3:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.03:rc4:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.03:rc4:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.05:*:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.05:*:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.05:-:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.05:-:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.05:rc1:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.05:rc1:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.05:rc2:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.05:rc2:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.05:rc3:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.05:rc3:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.07:*:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.07:*:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.07:-:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.07:-:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.07:rc1:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.07:rc1:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.07:rc2:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.07:rc2:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.07:rc3:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.07:rc3:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.09:*:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.09:*:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.09:-:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.09:-:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.09:rc1:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.09:rc1:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.09:rc2:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.09:rc2:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.09:rc3:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.09:rc3:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.11:*:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.11:*:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.11:-:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.11:-:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.11:rc1:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.11:rc1:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.11:rc2:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.11:rc2:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2018.11:rc3:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2018.11:rc3:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2019.01:-:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2019.01:-:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2019.01:rc1:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2019.01:rc1:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2019.01:rc2:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2019.01:rc2:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2019.01:rc3:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2019.01:rc3:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2019.04:-:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2019.04:-:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2019.04:rc1:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2019.04:rc1:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2019.04:rc2:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2019.04:rc2:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2019.04:rc3:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2019.04:rc3:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2019.04:rc4:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2019.04:rc4:*:*:*:*:*:*
  • cpe:2.3:a:denx:u-boot:2019.07:rc4:*:*:*:*:*:*
    cpe:2.3:a:denx:u-boot:2019.07:rc4:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 18-04-2022 - 16:04)
Impact:
Exploitability:
CWE CWE-191
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
misc
suse
  • openSUSE-SU-2019:2233
  • openSUSE-SU-2019:2235
Last major update 18-04-2022 - 16:04
Published 06-08-2019 - 19:15
Last modified 18-04-2022 - 16:04
Back to Top