REDHAT-BUG-1956284: Buffer Overflow
First published: Mon May 03 2021(Updated: )
Function IscsiMisc.c:IScsiHexToBin() in NetworkPkg/IScsiDxe does not correctly check the sizes of the input and output buffers, allowing an attacker who can control the input buffer to cause a buffer overflow in the destination buffer. Function IScsiHexToBin is used to decode strings passed as part of iSCSI Challenge-Handshake Authentication Protocol(CHAP), before authentication takes place. Thus an attacker, who can either inject himself in the communication between edk2 and the iSCSI target or control the iSCSI target used by edk2, can trigger this flaw and potentially execute code in the edk2 firmware. Upstream bug: <a href="https://bugzilla.tianocore.org/show_bug.cgi?id=3356">https://bugzilla.tianocore.org/show_bug.cgi?id=3356</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tianocore EDK II |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.tianocore.org/show_bug.cgi?id=3356
- https://bugzilla.tianocore.org/show_bug.cgi?id=3356#c5
- https://bugzilla.tianocore.org/show_bug.cgi?id=3356#c17
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1956284#c9
- https://listman.redhat.com/archives/edk2-devel-archive/2021-June/msg00316.html
- https://edk2.groups.io/g/devel/message/76198
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1969442
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1969443
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1956284#c29
- https://github.com/tianocore/edk2/pull/1698
- https://access.redhat.com/errata/RHSA-2021:3066
- https://access.redhat.com/errata/RHSA-2021:3172
- https://access.redhat.com/errata/RHSA-2021:3235
- https://access.redhat.com/errata/RHSA-2021:3369
- https://bugzilla.redhat.com/show_bug.cgi?id=1956284
Frequently Asked Questions
What is the severity of REDHAT-BUG-1956284?
The severity of REDHAT-BUG-1956284 is considered high due to the potential for buffer overflow vulnerabilities.
How do I fix REDHAT-BUG-1956284?
To fix REDHAT-BUG-1956284, you should update to a patched version of TianoCore EDK II that addresses the vulnerability.
What type of vulnerability is REDHAT-BUG-1956284?
REDHAT-BUG-1956284 is a buffer overflow vulnerability that arises from improper size checking in the IScsiHexToBin function.
Who is affected by REDHAT-BUG-1956284?
Users of the TianoCore EDK II software are affected by REDHAT-BUG-1956284 if they utilize the IScsiHexToBin function.
Can REDHAT-BUG-1956284 be exploited remotely?
Yes, an attacker who can control the input buffer may exploit REDHAT-BUG-1956284 remotely to cause a buffer overflow.
- agent/type
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-38575
- agent/first-publish-date
- agent/source
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/tianocore
- canonical/tianocore edk ii