CVE-2024-57257 — Vulnetix

CVE-2024-57257 PUBLISHED CVSS 2 LOW

A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.

EPSS 0.03% · 7.4th percentile

Risk Scores

CVSS 3.1

2

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Score

0.03%

7.4th percentile

Affected Products

Vendor	Product	Versions
denx	u-boot	0, 0
denx	U-Boot	0

Exploit Intelligence

CIRCL seen: CVE-2024-57257 (circl-sighting)
https://lists.debian.org/debian-lts-announce/2025/05/msg00001.html (circl)
https://source.denx.de/u-boot/u-boot/-/commit/4f5cc096bfd0a591f8a11e86999e3d90a9484c34 (circl)
https://www.openwall.com/lists/oss-security/2025/02/17/2 (circl)

Timeline

Feb 18, 2025 CVE Published
Feb 18, 2025 PoC Published
Feb 19, 2025 EPSS Score
Mar 1, 2025 Coalition ESS Score
Mar 5, 2025 EPSS Score
Mar 20, 2025 EPSS Score
Apr 3, 2025 EPSS Score
Apr 17, 2025 EPSS Score
May 2, 2025 EPSS Score
May 16, 2025 EPSS Score
May 30, 2025 EPSS Score
Jun 13, 2025 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›