CVE-2022-33967
PUBLISHED
CVSS 6.6 MEDIUM
U-Boot is a boot loader for multiple platforms, and its squashfs filesystem feature has been provided since v2020.10-rc2 (commit c5100613). The squashfs filesystem implementation of U-Boot contains a heap-based buffer overflow vulnerability (CWE-122) due to a defect in the metadata reading process. Tatsuhiko Yasumatsu of Sony Corporation reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated between the reporter and the developer.
EPSS 0.56% · 68.6th percentile
Risk Scores
CVSS 3.0
6.6
CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.56%
68.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| DENX Software Engineering | U-Boot | |
Exploit Intelligence
- https://lists.denx.de/pipermail/u-boot/2022-June/487467.html (nist-nvd)
- https://lists.debian.org/debian-lts-announce/2025/05/msg00001.html (circl)
- https://www.denx.de/project/u-boot/ (circl)
- https://source.denx.de/u-boot/u-boot/-/commit/7f7fb9937c6cb49dd35153bd6708872b390b0a44 (circl)
- https://jvn.jp/en/vu/JVNVU97846460/index.html (circl)
Timeline
- Jul 20, 2022 EPSS Score
- Jul 20, 2022 CVE Published
- Sep 5, 2022 EPSS Score
- Oct 22, 2022 EPSS Score
- Dec 8, 2022 EPSS Score
- Jan 24, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- Apr 27, 2023 EPSS Score
- Jun 13, 2023 EPSS Score
- Jul 30, 2023 EPSS Score
- Sep 15, 2023 EPSS Score