CVE-2017-5731: Input Validation

Reference Links

• https://support.apple.com/en-us/HT209139 (Advisory)
• https://bugzilla.tianocore.org/show_bug.cgi?id=686
• https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1641444
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1641443
• https://access.redhat.com/errata/RHSA-2019:2125
• https://access.redhat.com/security/cve/cve-2017-5731
• https://bugzilla.redhat.com/show_bug.cgi?id=1641442
• https://www.cve.org/CVERecord?id=CVE-2017-5731 https://nvd.nist.gov/vuln/detail/CVE-2017-5731 https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html

Parent vulnerabilities

(Appears in the following advisories)

• HT209139
• RHSA-2019:2125

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2018-5383
• CVE-2018-4295
• CVE-2018-4324
• CVE-2018-4417
• CVE-2018-4353
• CVE-2017-12613
• CVE-2017-12618
• CVE-2018-4411
• CVE-2018-4308
• CVE-2018-4321
• CVE-2018-4126
• CVE-2018-4412
• CVE-2018-4414
• CVE-2018-4347
• CVE-2018-4333
• CVE-2018-4153
• CVE-2018-4406
• CVE-2018-4346
• CVE-2018-4296
• CVE-2018-4433
• CVE-2019-8643
• CVE-2017-5731
• CVE-2017-5732
• CVE-2017-5733
• CVE-2017-5734
• CVE-2017-5735
• CVE-2018-4426
• CVE-2018-4331
• CVE-2018-4332
• CVE-2018-4343
• CVE-2018-3646
• CVE-2018-4355
• CVE-2018-4396
• CVE-2018-4418
• CVE-2018-4351
• CVE-2018-4350
• CVE-2018-4334
• CVE-2018-4451
• CVE-2018-4456
• CVE-2018-4408
• CVE-2018-4341
• CVE-2018-4354
• CVE-2018-4383
• CVE-2018-4401
• CVE-2018-4399
• CVE-2018-4407
• CVE-2018-4336
• CVE-2018-4337
• CVE-2018-4340
• CVE-2018-4344
• CVE-2018-4425
• CVE-2015-3194
• CVE-2015-5333
• CVE-2015-5334
• CVE-2016-0702
• CVE-2018-4348
• CVE-2018-4326
• CVE-2018-4310
• CVE-2018-3639
• CVE-2018-4395
• CVE-2016-1777
• CVE-2018-4393
• CVE-2018-4203
• CVE-2018-4304
• CVE-2018-4338

Frequently Asked Questions

• What is CVE-2017-5731?

  CVE-2017-5731 is a vulnerability in Tianocompress that can potentially enable an escalation of privilege via local access.

• What is the severity of CVE-2017-5731?

  The severity of CVE-2017-5731 is medium, with a severity score of 6.7.

• How does CVE-2017-5731 affect me?

  CVE-2017-5731 may affect you if you are using the affected version of Tianocompress before November 7, 2017.

• How can I fix CVE-2017-5731?

  To fix CVE-2017-5731, update to the remedy version 0:20180508-6.gitee3198e672e2.el7 of the ovmf package provided by Red Hat.

• Where can I find more information about CVE-2017-5731?

  You can find more information about CVE-2017-5731 in the references provided: [CVE-2017-5731](https://www.cve.org/CVERecord?id=CVE-2017-5731), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2017-5731), [EDK II Security Advisory](https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=1641442), [Red Hat Errata](https://access.redhat.com/errata/RHSA-2019:2125).