CVE-2019-14192

Priority
Description
An issue was discovered in Das U-Boot through 2019.07. There is an
unbounded memcpy when parsing a UDP packet due to a
net_process_received_packet integer underflow during an nc_input_packet
call.
Notes
Package
Upstream:released (2020.01+dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 20.04 LTS (Focal Fossa):needed
Ubuntu 20.10 (Groovy Gorilla):not-affected (2020.04+dfsg-2ubuntu1)
Patches:
Upstream:https://gitlab.denx.de/u-boot/u-boot/commit/fe7288069d2e6659117049f7d27e261b550bb725
More Information

Updated: 2020-09-29 18:21:06 UTC (commit 4ef060a5e1b87739b14601e0382b934fa18e8f65)