VDB

CVE-2022-33967

CVE-2022-33967 PUBLISHED CVSS 6.6 MEDIUM

U-Boot is a boot loader for multiple platforms, and its squashfs filesystem feature has been provided since v2020.10-rc2 (commit c5100613). The squashfs filesystem implementation of U-Boot contains a heap-based buffer overflow vulnerability (CWE-122) due to a defect in the metadata reading process. Tatsuhiko Yasumatsu of Sony Corporation reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated between the reporter and the developer.

EPSS 0.56% · 68.6th percentile

Risk Scores

CVSS 3.0
6.6
CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.56%
68.6th percentile

Affected Products

Vendor | Product | Versions
DENX Software Engineering | U-Boot |

Timeline

  • Jul 20, 2022 EPSS Score
  • Jul 20, 2022 CVE Published
  • Sep 5, 2022 EPSS Score
  • Oct 22, 2022 EPSS Score
  • Dec 8, 2022 EPSS Score
  • Jan 24, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 11, 2023 EPSS Score
  • Apr 27, 2023 EPSS Score
  • Jun 13, 2023 EPSS Score
  • Jul 30, 2023 EPSS Score
  • Sep 15, 2023 EPSS Score