USN-5088-1
See a problem?- Source
- https://ubuntu.com/security/notices/USN-5088-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5088-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-5088-1
- Related
- Published
- 2021-09-23T11:39:45.762649Z
- Modified
- 2021-09-23T11:39:45.762649Z
- Summary
- edk2 vulnerabilities
- Details
-
It was discovered that EDK II incorrectly handled input validation in MdeModulePkg. A local user could possibly use this issue to cause EDK II to crash, resulting in a denial of service, obtain sensitive information or execute arbitrary code. (CVE-2019-11098)
Paul Kehrer discovered that OpenSSL used in EDK II incorrectly handled certain input lengths in EVP functions. An attacker could possibly use this issue to cause EDK II to crash, resulting in a denial of service. (CVE-2021-23840)
Ingo Schwarze discovered that OpenSSL used in EDK II incorrectly handled certain ASN.1 strings. An attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2021-3712)
It was discovered that EDK II incorrectly decoded certain strings. A remote attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-38575)
- References
Affected packages
Ubuntu:20.04:LTS / edk2
Package
- Name
- edk2
- Purl
- pkg:deb/ubuntu/edk2@0~20191122.bd85bf54-2ubuntu3.3?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0~20191122.bd85bf54-2ubuntu3.3