CVE-2017-5734: Input Validation
First published: Mon Sep 24 2018(Updated: )
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Credit: Intel Eclypsium Intel Eclypsium Intel Eclypsium Intel Eclypsium Intel Eclypsium cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ovmf | <0:20180508-6.gitee3198e672e2.el7 | 0:20180508-6.gitee3198e672e2.el7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT209139 (Advisory)
- https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
- https://bugzilla.tianocore.org/show_bug.cgi?id=686
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1641462
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1641461
- https://access.redhat.com/errata/RHSA-2019:2125
- https://access.redhat.com/security/cve/cve-2017-5734
- https://bugzilla.redhat.com/show_bug.cgi?id=1641458
- https://www.cve.org/CVERecord?id=CVE-2017-5734 https://nvd.nist.gov/vuln/detail/CVE-2017-5734 https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-5383
- CVE-2018-4295
- CVE-2018-4324
- CVE-2018-4417
- CVE-2018-4353
- CVE-2017-12613
- CVE-2017-12618
- CVE-2018-4411
- CVE-2018-4308
- CVE-2018-4321
- CVE-2018-4126
- CVE-2018-4412
- CVE-2018-4414
- CVE-2018-4347
- CVE-2018-4333
- CVE-2018-4153
- CVE-2018-4406
- CVE-2018-4346
- CVE-2018-4296
- CVE-2018-4433
- CVE-2019-8643
- CVE-2017-5731
- CVE-2017-5732
- CVE-2017-5733
- CVE-2017-5734
- CVE-2017-5735
- CVE-2018-4426
- CVE-2018-4331
- CVE-2018-4332
- CVE-2018-4343
- CVE-2018-3646
- CVE-2018-4355
- CVE-2018-4396
- CVE-2018-4418
- CVE-2018-4351
- CVE-2018-4350
- CVE-2018-4334
- CVE-2018-4451
- CVE-2018-4456
- CVE-2018-4408
- CVE-2018-4341
- CVE-2018-4354
- CVE-2018-4383
- CVE-2018-4401
- CVE-2018-4399
- CVE-2018-4407
- CVE-2018-4336
- CVE-2018-4337
- CVE-2018-4340
- CVE-2018-4344
- CVE-2018-4425
- CVE-2015-3194
- CVE-2015-5333
- CVE-2015-5334
- CVE-2016-0702
- CVE-2018-4348
- CVE-2018-4326
- CVE-2018-4310
- CVE-2018-3639
- CVE-2018-4395
- CVE-2016-1777
- CVE-2018-4393
- CVE-2018-4203
- CVE-2018-4304
- CVE-2018-4338
Frequently Asked Questions
What is CVE-2017-5734?
CVE-2017-5734 is a firmware vulnerability that involves a memory corruption issue that has been addressed with improved input validation.
What software is affected by CVE-2017-5734?
The affected software includes the ovmf package with version 0:20180508-6.gitee3198e672e2.el7 from Red Hat, and macOS Mojave version up to and excluding 10.14 from Apple.
What is the severity of CVE-2017-5734?
The severity of CVE-2017-5734 is medium, with a severity value of 6.7.
How can I fix CVE-2017-5734?
To fix CVE-2017-5734, ensure that you have installed the updated ovmf package with version 0:20180508-6.gitee3198e672e2.el7 from Red Hat, or update your macOS Mojave to a version higher than 10.14.
Where can I find more information about CVE-2017-5734?
You can find more information about CVE-2017-5734 at the following references: [Link 1](https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html), [Link 2](https://bugzilla.tianocore.org/show_bug.cgi?id=686), [Link 3](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1641462).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/status
- agent/tags
- agent/type
- agent/weakness
- collector/apple-support
- alias/CVE-2017-5732
- alias/CVE-2017-5733
- alias/CVE-2017-5734
- alias/CVE-2017-5735
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- collector/redhat-cve
- vendor/apple
- canonical/apple macos mojave
- status/rejected
- package-manager/redhat