CVE-2022-33967
- Source
- https://cve.org/CVERecord?id=CVE-2022-33967
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-33967.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-33967
- Downstream
- Related
- Published
- 2022-07-20T06:15:22Z
- Modified
- 2026-05-28T04:08:07.182365940Z
- Summary
- [none]
- Details
-
squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/33xxx/CVE-2022-33967.json", "unresolved_ranges": [ { "extracted_events": [ { "last_affected": "versions from v2020.10-rc2 to v2022.07-rc5" } ], "source": "AFFECTED_FIELD" } ], "cna_assigner": "jpcert" }- References
-
- https://jvn.jp/en/vu/JVNVU97846460/index.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00001.html
- https://lists.denx.de/pipermail/u-boot/2022-June/487467.html
- https://source.denx.de/u-boot/u-boot/-/commit/7f7fb9937c6cb49dd35153bd6708872b390b0a44
- https://www.denx.de/project/u-boot/
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/33xxx/CVE-2022-33967.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-33967
Affected packages
Git / github.com/u-boot/u-boot
Affected ranges
- Type
- GIT
- Repo
- https://github.com/u-boot/u-boot
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "last_affected": "2020.10-rc2" }, { "last_affected": "2020.10-rc3" }, { "last_affected": "2020.10-rc4" }, { "last_affected": "2020.10-rc5" }, { "last_affected": "2021.01-NA" }, { "last_affected": "2021.01-rc1" }, { "last_affected": "2021.01-rc2" }, { "last_affected": "2021.01-rc3" }, { "last_affected": "2021.01-rc4" }, { "last_affected": "2021.01-rc5" }, { "last_affected": "2021.04-rc1" }, { "last_affected": "2021.04-rc2" }, { "last_affected": "2022.01-NA" }, { "last_affected": "2022.01-rc1" }, { "last_affected": "2022.01-rc2" }, { "last_affected": "2022.01-rc3" }, { "last_affected": "2022.01-rc4" }, { "last_affected": "2022.04-NA" }, { "last_affected": "2022.04-rc1" }, { "last_affected": "2022.04-rc2" }, { "last_affected": "2022.04-rc3" }, { "last_affected": "2022.04-rc4" }, { "last_affected": "2022.04-rc5" }, { "last_affected": "2022.07-rc1" }, { "last_affected": "2022.07-rc2" }, { "last_affected": "2022.07-rc3" }, { "last_affected": "2022.07-rc4" }, { "last_affected": "2022.07-rc5" } ], "source": "CPE_STRING", "cpe": [ "cpe:2.3:a:denx:u-boot:2020.10:rc2:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2020.10:rc3:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2020.10:rc4:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2020.10:rc5:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2021.01:-:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2021.01:rc1:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2021.01:rc2:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2021.01:rc3:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2021.01:rc4:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2021.01:rc5:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2021.04:rc1:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2021.04:rc2:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2022.01:-:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2022.01:rc1:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2022.01:rc2:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2022.01:rc3:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2022.01:rc4:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2022.04:-:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2022.04:rc1:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2022.04:rc2:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2022.04:rc3:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2022.04:rc4:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2022.04:rc5:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2022.07:rc1:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2022.07:rc2:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2022.07:rc3:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2022.07:rc4:*:*:*:*:*:*", "cpe:2.3:a:denx:u-boot:2022.07:rc5:*:*:*:*:*:*" ] }
Affected versions
Other
LABEL_2002_11_05_0120
LABEL_2002_11_05_1735
LABEL_2002_11_10_2310
LABEL_2002_11_11_2211
LABEL_2002_11_18_0115
LABEL_2002_11_22_0015
LABEL_2002_12_03_2230
LABEL_2002_12_07_0120
LABEL_2002_12_21_0040
LABEL_2002_12_28_1700
LABEL_2003_01_11_1050
LABEL_2003_01_14_0055
LABEL_2003_02_28_0150
LABEL_2003_03_06_0050
LABEL_2003_03_06_0200
LABEL_2003_03_06_1440
LABEL_2003_03_06_2255
LABEL_2003_03_14_2150
LABEL_2003_03_25_1830
LABEL_2003_03_26_1300
LABEL_2003_03_27_1900
LABEL_2003_04_05_0300
LABEL_2003_04_15_1900
LABEL_2003_05_03_1700
LABEL_2003_05_12_2355
LABEL_2003_05_20_1630
LABEL_2003_05_20_2250
LABEL_2003_05_22_2230
LABEL_2003_05_23_0055
LABEL_2003_05_23_1450
LABEL_2003_05_30_1450
LABEL_2003_05_31_2115
LABEL_2003_06_04_0200
LABEL_2003_06_05_2140
LABEL_2003_06_16_0055
LABEL_2003_06_22_1530
LABEL_2003_06_26_2220
LABEL_2003_06_27_2340
LABEL_2003_06_29_0145
LABEL_2003_09_06_0055
LABEL_2003_09_12_0110
LABEL_2003_09_12_1745
LABEL_2003_09_13_2100
LABEL_2003_09_16_2310
LABEL_2003_09_18_2045
LABEL_2003_10_01_1830
LABEL_2003_10_06_2355
LABEL_2003_10_09_1515
LABEL_2003_10_09_2320
LABEL_2003_10_10_1200
LABEL_2003_10_14_2140
LABEL_2003_10_16_0200
LABEL_2003_10_20_0025
LABEL_2003_11_26_MKR
LABEL_2003_12_06_1550
LABEL_2004_01_21_2110
LABEL_2004_01_29_1030
LABEL_2004_02_11_2240
LABEL_2004_02_20_2310
LABEL_2004_02_24_0305
LABEL_2004_03_12_0130
LABEL_2004_03_14_2340
LABEL_2004_03_16_2330
LABEL_2004_03_25_1630
LABEL_2004_04_18_2135
LABEL_2004_04_23_2240
LABEL_2004_05_19_2335
LABEL_2004_05_29_1850
LABEL_2004_06_24_1800
LABEL_2004_07_01_1200
LABEL_2004_08_28_2355
LABEL_2004_08_29_0045
LABEL_2004_09_09_0000
LABEL_2004_10_12_0110
LABEL_2004_10_20_0020
LABEL_2004_11_17_2222
LABEL_2004_11_25_0035
LABEL_2004_12_18_2335
LABEL_2004_12_19_1100
LABEL_2004_12_19_2240
LABEL_2004_12_20_1220
LABEL_2005_01_31_2245
LABEL_2005_02_07_2045
LABEL_2005_02_08_1615
LABEL_2005_02_28_0050
LABEL_2005_03_06_0225
LABEL_2005_03_15_0125
LABEL_2005_04_05_1830
LABEL_2005_04_05_2345
LABEL_2005_04_14_0115
LABEL_2005_05_05_1920
LABEL_2005_05_09_1245
LABEL_2005_05_13_0050
LABEL_2005_07_04_0202
LABEL_2005_09_15_2320
LABEL_2006_04_18_1106
LABEL_2006_05_10_1800
LABEL_2006_05_19_1133
LABEL_2006_06_30_2020
U-Boot-0_2_0
U-Boot-0_3_0
U-Boot-0_3_1
U-Boot-0_4_0
U-Boot-0_4_1
U-Boot-0_4_2
U-Boot-0_4_3
U-Boot-0_4_4
U-Boot-0_4_5
U-Boot-0_4_6
U-Boot-0_4_7
U-Boot-0_4_8
U-Boot-1_0_0
U-Boot-1_0_1
U-Boot-1_0_2
U-Boot-1_1_0
U-Boot-1_1_1
U-Boot-1_1_2
U-Boot-1_1_3
U-Boot-1_1_4
U-Boot-1_1_6
U-Boot-1_2_0
v1.*
v1.3.1
v1.3.1-rc1
v1.3.2
v1.3.2-rc2
v1.3.2-rc3
v1.3.3
v1.3.3-rc1
v1.3.3-rc2
v1.3.3-rc3
v2008.*
v2008.10-rc2
v2009.*
v2009.01
v2009.01-rc1
v2009.01-rc2
v2009.01-rc3
v2009.03
v2009.03-rc1
v2009.03-rc2
v2009.06
v2009.06-rc1
v2009.06-rc2
v2009.06-rc3
v2009.08
v2009.08-rc1
v2009.08-rc2
v2009.08-rc3
v2009.11
v2009.11-rc1
v2009.11-rc2
v2010.*
v2010.03
v2010.03-rc1
v2010.03-rc2
v2010.03-rc3
v2010.06-rc1
v2010.06-rc2
v2010.09
v2010.09-rc1
v2010.12
v2010.12-rc1
v2010.12-rc2
v2010.12-rc3
v2011.*
v2011.03
v2011.03-rc1
v2011.03-rc2
v2011.06
v2011.06-rc1
v2011.06-rc2
v2011.06-rc3
v2011.09
v2011.09-rc1
v2011.09-rc2
v2011.12
v2011.12-rc1
v2011.12-rc2
v2011.12-rc3
v2012.*
v2012.04
v2012.04-rc1
v2012.04-rc2
v2012.04-rc3
v2012.04.01
v2012.07
v2012.07-rc1
v2012.07-rc2
v2012.07-rc3
v2012.10
v2012.10-rc1
v2012.10-rc2
v2012.10-rc3
v2013.*
v2013.01
v2013.01-rc1
v2013.01-rc2
v2013.01-rc3
v2013.04
v2013.04-rc1
v2013.04-rc2
v2013.04-rc3
v2013.07
v2013.07-rc1
v2013.07-rc2
v2013.07-rc3
v2013.10
v2013.10-rc1
v2013.10-rc2
v2013.10-rc3
v2013.10-rc4
v2014.*
v2014.01-rc1
v2014.04
v2014.07
v2014.07-rc1
v2014.07-rc2
v2014.07-rc3
v2014.07-rc4
v2014.10
v2014.10-rc1
v2014.10-rc2
v2014.10-rc3
v2015.*
v2015.01
v2015.01-rc1
v2015.01-rc2
v2015.01-rc3
v2015.01-rc4
v2015.04
v2015.04-rc1
v2015.04-rc2
v2015.04-rc3
v2015.04-rc4
v2015.04-rc5
v2015.07
v2015.07-rc1
v2015.07-rc2
v2015.07-rc3
v2015.10
v2015.10-rc1
v2015.10-rc2
v2015.10-rc3
v2015.10-rc4
v2015.10-rc5
v2016.*
v2016.01
v2016.01-rc1
v2016.01-rc2
v2016.01-rc3
v2016.01-rc4
v2016.03
v2016.03-rc1
v2016.03-rc2
v2016.03-rc3
v2016.05
v2016.05-rc1
v2016.05-rc2
v2016.05-rc3
v2016.07
v2016.07-rc1
v2016.07-rc2
v2016.07-rc3
v2016.09
v2016.09-rc1
v2016.09-rc2
v2016.11
v2016.11-rc1
v2016.11-rc2
v2016.11-rc3
v2017.*
v2017.01
v2017.01-rc1
v2017.01-rc2
v2017.01-rc3
v2017.03
v2017.03-rc1
v2017.03-rc2
v2017.03-rc3
v2017.05
v2017.05-rc1
v2017.05-rc2
v2017.05-rc3
v2017.07
v2017.07-rc1
v2017.07-rc2
v2017.07-rc3
v2017.09
v2017.09-rc1
v2017.09-rc2
v2017.09-rc3
v2017.09-rc4
v2017.11
v2017.11-rc1
v2017.11-rc2
v2017.11-rc3
v2017.11-rc4
v2018.*
v2018.01
v2018.01-rc1
v2018.01-rc2
v2018.01-rc3
v2018.03
v2018.03-rc1
v2018.03-rc2
v2018.03-rc3
v2018.03-rc4
v2018.05
v2018.05-rc1
v2018.05-rc2
v2018.05-rc3
v2018.07
v2018.07-rc1
v2018.07-rc2
v2018.07-rc3
v2018.09
v2018.09-rc1
v2018.09-rc2
v2018.09-rc3
v2018.11
v2018.11-rc1
v2018.11-rc2
v2018.11-rc3
v2019.*
v2019.01
v2019.01-rc1
v2019.01-rc2
v2019.01-rc3
v2019.04
v2019.04-rc1
v2019.04-rc2
v2019.04-rc3
v2019.04-rc4
v2019.07
v2019.07-rc1
v2019.07-rc2
v2019.07-rc3
v2019.07-rc4
v2019.10
v2019.10-rc1
v2019.10-rc2
v2019.10-rc3
v2019.10-rc4
v2020.*
v2020.01
v2020.01-rc1
v2020.01-rc2
v2020.01-rc3
v2020.01-rc4
v2020.01-rc5
v2020.04
v2020.04-rc1
v2020.04-rc2
v2020.04-rc3
v2020.04-rc4
v2020.04-rc5
v2020.07
v2020.07-rc1
v2020.07-rc2
v2020.07-rc3
v2020.07-rc4
v2020.07-rc5
v2020.10
v2020.10-rc1
v2020.10-rc2
v2020.10-rc3
v2020.10-rc4
v2020.10-rc5
v2021.*
v2021.01
v2021.01-rc1
v2021.01-rc2
v2021.01-rc3
v2021.01-rc4
v2021.01-rc5
v2021.04
v2021.04-rc1
v2021.04-rc2
v2021.04-rc3
v2021.04-rc4
v2021.04-rc5
v2021.07
v2021.07-rc1
v2021.07-rc2
v2021.07-rc3
v2021.07-rc4
v2021.07-rc5
v2021.10
v2021.10-rc1
v2021.10-rc2
v2021.10-rc3
v2021.10-rc4
v2021.10-rc5
v2022.*
v2022.01
v2022.01-rc1
v2022.01-rc2
v2022.01-rc3
v2022.01-rc4
v2022.04
v2022.04-rc1
v2022.04-rc2
v2022.04-rc3
v2022.04-rc4
v2022.04-rc5
v2022.07-rc1
v2022.07-rc2
v2022.07-rc3
v2022.07-rc4
v2022.07-rc5