CVE-2019-13103 - OpenCVE

A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Denx	U-boot

Configuration 1 [-]

OR	cpe:2.3:a:denx:u-boot::::::::
	cpe:2.3:a:denx:u-boot:2019.04:-::::::
	cpe:2.3:a:denx:u-boot:2019.04:rc1::::::
	cpe:2.3:a:denx:u-boot:2019.04:rc2::::::
	cpe:2.3:a:denx:u-boot:2019.04:rc3::::::
	cpe:2.3:a:denx:u-boot:2019.04:rc4::::::
	cpe:2.3:a:denx:u-boot:2019.07:rc1::::::
	cpe:2.3:a:denx:u-boot:2019.07:rc2::::::
	cpe:2.3:a:denx:u-boot:2019.07:rc3::::::
	cpe:2.3:a:denx:u-boot:2019.07:rc4::::::

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-618620.pdf	Third Party Advisory
https://gist.github.com/deephooloovoo/d91b81a1674b4750e662dfae93804d75	Third Party Advisory
https://github.com/u-boot/u-boot/commits/master	Patch Third Party Advisory
https://lists.denx.de/pipermail/u-boot/2019-July/375512.html	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-29T14:52:02

Updated: 2019-12-10T13:06:03

Reserved: 2019-06-30T00:00:00

Link: CVE-2019-13103

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-07-29T15:15:12.390

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-13103

JSON object: View

Redhat Information

No data.

CWE

CWE-674

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-10T13:06:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/u-boot/u-boot/commits/master"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.denx.de/pipermail/u-boot/2019-July/375512.html"}, {"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/deephooloovoo/d91b81a1674b4750e662dfae93804d75"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-618620.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13103", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/u-boot/u-boot/commits/master", "refsource": "MISC", "url": "https://github.com/u-boot/u-boot/commits/master"}, {"name": "https://lists.denx.de/pipermail/u-boot/2019-July/375512.html", "refsource": "MISC", "url": "https://lists.denx.de/pipermail/u-boot/2019-July/375512.html"}, {"name": "https://gist.github.com/deephooloovoo/d91b81a1674b4750e662dfae93804d75", "refsource": "MISC", "url": "https://gist.github.com/deephooloovoo/d91b81a1674b4750e662dfae93804d75"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-618620.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-618620.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13103", "datePublished": "2019-07-29T14:52:02", "dateReserved": "2019-06-30T00:00:00", "dateUpdated": "2019-12-10T13:06:03", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:denx:u-boot:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CE34963-D56A-47B2-B806-13932FF2279D", "versionEndExcluding": "2019.04", "vulnerable": true}, {"criteria": "cpe:2.3:a:denx:u-boot:2019.04:-:*:*:*:*:*:*", "matchCriteriaId": "66CA6618-F036-445D-A72D-E0A974545C82", "vulnerable": true}, {"criteria": "cpe:2.3:a:denx:u-boot:2019.04:rc1:*:*:*:*:*:*", "matchCriteriaId": "80AA22EE-9DCB-4E79-B848-10A9C33A17E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:denx:u-boot:2019.04:rc2:*:*:*:*:*:*", "matchCriteriaId": "23BF77D6-82EB-42F4-81EB-BF97A9FCDC21", "vulnerable": true}, {"criteria": "cpe:2.3:a:denx:u-boot:2019.04:rc3:*:*:*:*:*:*", "matchCriteriaId": "275FA806-F592-4EE9-8AD7-D29A93443003", "vulnerable": true}, {"criteria": "cpe:2.3:a:denx:u-boot:2019.04:rc4:*:*:*:*:*:*", "matchCriteriaId": "ED14D8C5-6253-4176-A251-9051C70E7F63", "vulnerable": true}, {"criteria": "cpe:2.3:a:denx:u-boot:2019.07:rc1:*:*:*:*:*:*", "matchCriteriaId": "75689E3C-FBB6-46B5-B59C-41D244702158", "vulnerable": true}, {"criteria": "cpe:2.3:a:denx:u-boot:2019.07:rc2:*:*:*:*:*:*", "matchCriteriaId": "9358D79B-256E-4AEA-BE6B-A182AA4AE861", "vulnerable": true}, {"criteria": "cpe:2.3:a:denx:u-boot:2019.07:rc3:*:*:*:*:*:*", "matchCriteriaId": "6AAFACF6-606C-4429-B680-01D3C4A98BC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:denx:u-boot:2019.07:rc4:*:*:*:*:*:*", "matchCriteriaId": "27B38F3B-75C0-4067-857F-C78160493D17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data."}, {"lang": "es", "value": "Una tabla de partici\u00f3n autorreferencial DOS especialmente dise\u00f1ada, causar\u00e1 que todas las versiones hasta 2019.07-rc4 de Das U-Boot se repitan infinitamente, haciendo que la pila crezca infinitamente y eventualmente se bloquee o sobrescriba otros datos."}], "id": "CVE-2019-13103", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-29T15:15:12.390", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-618620.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/deephooloovoo/d91b81a1674b4750e662dfae93804d75"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/u-boot/u-boot/commits/master"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://lists.denx.de/pipermail/u-boot/2019-July/375512.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-674"}], "source": "nvd@nist.gov", "type": "Primary"}]}