CVE-2024-42040

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-42040

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42040.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-42040

Downstream

DEBIAN-CVE-2024-42040

UBUNTU-CVE-2024-42040

Published

2024-08-23T15:15:16Z

Modified

2025-08-09T20:01:28Z

Summary

[none]

Details

Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on the later use of DHCP-provided parameters via crafted DHCP responses.

References

https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2024-004.txt
https://github.com/u-boot/u-boot/tags
http://seclists.org/fulldisclosure/2024/Aug/38

CVE-2024-42040

Affected packages