uefi-firmware@1.10

Various data structures and parsing tools for UEFI firmware.

Direct Vulnerabilities

Known vulnerabilities in the uefi-firmware package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • [H] Out-of-bounds Write

Affected versions of this package are vulnerable to Out-of-bounds Write in the ReadCLen function of the Tiano decompressor. An attacker can cause a crash by supplying specially crafted compressed firmware data that triggers a heap out-of-bounds write during decompression.

How to fix Out-of-bounds Write?

A fix was pushed into the master branch but has not yet been published.

Vulnerable versions: [0,)
  • [H] Out-of-bounds Write

Affected versions of this package are vulnerable to Out-of-bounds Write in the MakeTable function of the decompression routine. When bit-length values from a crafted firmware blob exceed the expected range, stack memory is corrupted in the Count array and related decode tables. An attacker can cause a crash in the context of the parsing process by supplying specially crafted input.

How to fix Out-of-bounds Write?

A fix was pushed into the master branch but has not yet been published.

Vulnerable versions: [0,)