github - ghsa-hpff-53rm-95gf

ghsa-hpff-53rm-95gf

Vulnerability from github

Published

2022-05-17 19:57

Modified

2022-05-17 19:57

Details

Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-4859"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-31T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.",
  "id": "GHSA-hpff-53rm-95gf",
  "modified": "2022-05-17T19:57:23Z",
  "published": "2022-05-17T19:57:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4859"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/552286"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2014-4859

Vulnerability from cvelistv5

Published

2020-01-31 15:08

Modified

2024-08-06 11:27

Severity

Summary

Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.

References

URL	Tags
http://www.kb.cert.org/vuls/id/552286	x_refsource_MISC

Impacted products

Vendor	Product
Phoenix Technologies Ltd.	SCT3
American Megatrends Incorporated (AMI)	BIOS

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:27:36.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/552286"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SCT3",
          "vendor": "Phoenix Technologies Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "before 5/23/2014"
            }
          ]
        },
        {
          "product": "BIOS",
          "vendor": "American Megatrends Incorporated (AMI)",
          "versions": [
            {
              "status": "affected",
              "version": "unknown"
            }
          ]
        }
      ],
      "datePublic": "2014-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Integer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-31T15:08:20",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.kb.cert.org/vuls/id/552286"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2014-4859",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SCT3",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 5/23/2014"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Phoenix Technologies Ltd."
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "unknown"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "American Megatrends Incorporated (AMI)"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Integer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.kb.cert.org/vuls/id/552286",
              "refsource": "MISC",
              "url": "http://www.kb.cert.org/vuls/id/552286"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2014-4859",
    "datePublished": "2020-01-31T15:08:20",
    "dateReserved": "2014-07-10T00:00:00",
    "dateUpdated": "2024-08-06T11:27:36.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.