Source: u-boot
Version: 2024.01+dfsg-5
Severity: important
Tags: security upstream
Forwarded: https://lists.denx.de/pipermail/u-boot/2024-August/562528.html
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for u-boot.

CVE-2024-42040[0]:
| Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot
| from its initial commit in 2002 (3861aa5) up to today on any
| platform allows an attacker on the local network to leak memory from
| four up to 32 bytes of memory stored behind the packet to the
| network depending on the later use of DHCP-provided parameters via
| crafted DHCP responses.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-42040
    https://www.cve.org/CVERecord?id=CVE-2024-42040
[1] https://lists.denx.de/pipermail/u-boot/2024-August/562528.html
[2] https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2024-004.txt

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore