CVE-2017-5735: Input Validation
First published: Mon Sep 24 2018(Updated: )
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
Credit: Intel Eclypsium Intel Eclypsium Intel Eclypsium Intel Eclypsium Intel Eclypsium cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ovmf | <0:20180508-6.gitee3198e672e2.el7 | 0:20180508-6.gitee3198e672e2.el7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT209139 (Advisory)
- https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
- https://bugzilla.tianocore.org/show_bug.cgi?id=686
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1641468
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1641467
- https://access.redhat.com/errata/RHSA-2019:2125
- https://access.redhat.com/security/cve/cve-2017-5735
- https://bugzilla.redhat.com/show_bug.cgi?id=1641465
- https://www.cve.org/CVERecord?id=CVE-2017-5735 https://nvd.nist.gov/vuln/detail/CVE-2017-5735 https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-5383
- CVE-2018-4295
- CVE-2018-4324
- CVE-2018-4417
- CVE-2018-4353
- CVE-2017-12613
- CVE-2017-12618
- CVE-2018-4411
- CVE-2018-4308
- CVE-2018-4321
- CVE-2018-4126
- CVE-2018-4412
- CVE-2018-4414
- CVE-2018-4347
- CVE-2018-4333
- CVE-2018-4153
- CVE-2018-4406
- CVE-2018-4346
- CVE-2018-4296
- CVE-2018-4433
- CVE-2019-8643
- CVE-2017-5731
- CVE-2017-5732
- CVE-2017-5733
- CVE-2017-5734
- CVE-2017-5735
- CVE-2018-4426
- CVE-2018-4331
- CVE-2018-4332
- CVE-2018-4343
- CVE-2018-3646
- CVE-2018-4355
- CVE-2018-4396
- CVE-2018-4418
- CVE-2018-4351
- CVE-2018-4350
- CVE-2018-4334
- CVE-2018-4451
- CVE-2018-4456
- CVE-2018-4408
- CVE-2018-4341
- CVE-2018-4354
- CVE-2018-4383
- CVE-2018-4401
- CVE-2018-4399
- CVE-2018-4407
- CVE-2018-4336
- CVE-2018-4337
- CVE-2018-4340
- CVE-2018-4344
- CVE-2018-4425
- CVE-2015-3194
- CVE-2015-5333
- CVE-2015-5334
- CVE-2016-0702
- CVE-2018-4348
- CVE-2018-4326
- CVE-2018-4310
- CVE-2018-3639
- CVE-2018-4395
- CVE-2016-1777
- CVE-2018-4393
- CVE-2018-4203
- CVE-2018-4304
- CVE-2018-4338
Frequently Asked Questions
What is CVE-2017-5735?
CVE-2017-5735 is a memory corruption issue in the firmware which has been fixed.
What is the severity of CVE-2017-5735?
The severity of CVE-2017-5735 is medium with a CVSS score of 6.7.
How does CVE-2017-5735 affect the affected software?
CVE-2017-5735 affects the 'ovmf' package on Red Hat Enterprise Linux 7 and macOS Mojave 10.14.
How can I fix CVE-2017-5735 on Red Hat Enterprise Linux 7?
To fix CVE-2017-5735 on Red Hat Enterprise Linux 7, update the 'ovmf' package to version 0:20180508-6.gitee3198e672e2.el7 or later.
How can I fix CVE-2017-5735 on macOS Mojave?
To fix CVE-2017-5735 on macOS Mojave, update to version 10.14 or later.
- collector/apple-support
- alias/CVE-2017-5732
- alias/CVE-2017-5733
- alias/CVE-2017-5734
- alias/CVE-2017-5735
- agent/software-canonical-lookup-request
- collector/redhat-cve
- collector/redhat-bugzilla
- source/Red Hat
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/status
- agent/tags
- agent/type
- agent/weakness
- vendor/apple
- canonical/apple macos mojave
- package-manager/redhat
- status/rejected