UBUNTU-CVE-2024-42040

Source
https://ubuntu.com/security/CVE-2024-42040
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-42040.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-42040
Published
2024-08-23T15:15:00Z
Modified
2025-01-13T10:25:47Z
Summary
[none]
Details

A buffer overflow vulnerability in net/bootp.c in DENX U-Boot, present from its initial commit in 2002 (3861aa5) up to today on any platform, allows an attacker on the local network to use crafted DHCP responses to leak between four and 32 bytes of memory stored behind the packet to the network, depending on the later use of DHCP-provided parameters.

Affected packages

Ubuntu:Pro:16.04:LTS / u-boot

Package

Name
u-boot
Purl
pkg:deb/ubuntu/u-boot@2016.01+dfsg1-2ubuntu5?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2015.*

2015.04+dfsg1-2ubuntu1
2015.10+dfsg1-2
2015.10+dfsg1-3
2015.10+dfsg1-4

2016.*

2016.01+dfsg1-1
2016.01+dfsg1-1ubuntu1
2016.01+dfsg1-2ubuntu1
2016.01+dfsg1-2ubuntu2
2016.01+dfsg1-2ubuntu3
2016.01+dfsg1-2ubuntu5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / u-boot

Package

Name
u-boot
Purl
pkg:deb/ubuntu/u-boot@2020.10+dfsg-1ubuntu0~18.04.3?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2016.*

2016.03+dfsg1-6ubuntu2

2018.*

2018.07~rc3+dfsg1-0ubuntu1~18.04.1
2018.07~rc3+dfsg1-0ubuntu2~18.04.1
2018.07~rc3+dfsg1-0ubuntu3~18.04.1

2019.*

2019.07+dfsg-1ubuntu4~18.04.1

2020.*

2020.10+dfsg-1ubuntu0~18.04.2
2020.10+dfsg-1ubuntu0~18.04.3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / u-boot

Package

Name
u-boot
Purl
pkg:deb/ubuntu/u-boot@2021.01+dfsg-3ubuntu0~20.04.6?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2019.*

2019.07+dfsg-1ubuntu3
2019.07+dfsg-1ubuntu5
2019.07+dfsg-1ubuntu6

2020.*

2020.10+dfsg-1ubuntu0~20.04.2

2021.*

2021.01+dfsg-3ubuntu0~20.04.1
2021.01+dfsg-3ubuntu0~20.04.3
2021.01+dfsg-3ubuntu0~20.04.4
2021.01+dfsg-3ubuntu0~20.04.5
2021.01+dfsg-3ubuntu0~20.04.6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / u-boot

Package

Name
u-boot
Purl
pkg:deb/ubuntu/u-boot@2022.01+dfsg-2ubuntu2.6?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2021.*

2021.07+dfsg-0ubuntu8
2021.07+dfsg-0ubuntu9
2021.07+dfsg-0ubuntu10

2022.*

2022.01+dfsg-2ubuntu1
2022.01+dfsg-2ubuntu2
2022.01+dfsg-2ubuntu2.1
2022.01+dfsg-2ubuntu2.3
2022.01+dfsg-2ubuntu2.4
2022.01+dfsg-2ubuntu2.5
2022.01+dfsg-2ubuntu2.6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / u-boot-nezha

Package

Name
u-boot-nezha
Purl
pkg:deb/ubuntu/u-boot-nezha@2022.04+git20220405.7446a472-0ubuntu0.4?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2021.*

2021.09+git20211008.62392d3-0ubuntu1

2022.*

2022.04+git20220405.7446a472-0ubuntu0.1
2022.04+git20220405.7446a472-0ubuntu0.2
2022.04+git20220405.7446a472-0ubuntu0.3
2022.04+git20220405.7446a472-0ubuntu0.4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / u-boot

Package

Name
u-boot
Purl
pkg:deb/ubuntu/u-boot@2024.01+dfsg-5ubuntu2?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2024.*

2024.01+dfsg-1ubuntu5
2024.01+dfsg-1ubuntu6
2024.01+dfsg-5ubuntu1
2024.01+dfsg-5ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / u-boot-nezha

Package

Name
u-boot-nezha
Purl
pkg:deb/ubuntu/u-boot-nezha@2024.01~rc1-190-g2e89b706f5-0ubuntu3?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2024.*

2024.01~rc1-190-g2e89b706f5-0ubuntu2
2024.01~rc1-190-g2e89b706f5-0ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / u-boot

Package

Name
u-boot
Purl
pkg:deb/ubuntu/u-boot@2024.01+dfsg-1ubuntu5.1?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2023.*

2023.07+dfsg-1ubuntu2

2024.*

2024.01+dfsg-1ubuntu1
2024.01+dfsg-1ubuntu2
2024.01+dfsg-1ubuntu3
2024.01+dfsg-1ubuntu4
2024.01+dfsg-1ubuntu5
2024.01+dfsg-1ubuntu5.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / u-boot-nezha

Package

Name
u-boot-nezha
Purl
pkg:deb/ubuntu/u-boot-nezha@2024.01~rc1-190-g2e89b706f5-0ubuntu2?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2022.*

2022.10-1089-g528ae9bc6c-0ubuntu2

2024.*

2024.01~rc1-190-g2e89b706f5-0ubuntu1
2024.01~rc1-190-g2e89b706f5-0ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}