CVE-2019-0160

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
Configurations

Configuration 1

cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Configuration 4

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*

History

12 May 2023, 05:15

Type Values Removed Values Added
Summary
  Removed: Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
  Added: Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2019:2125', 'name': 'https://access.redhat.com/errata/RHSA-2019:2125', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/', 'name': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2019:3338', 'name': 'https://access.redhat.com/errata/RHSA-2019:3338', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html', 'name': 'http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html', 'tags': [], 'refsource': 'MISC'}

12 May 2023, 04:15

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/errata/RHSA-2019:2125 -
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/ -
  • (MISC) https://access.redhat.com/errata/RHSA-2019:3338 -
  • (MISC) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html -

11 May 2023, 21:15

Type Values Removed Values Added
Summary
  Removed: Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
  Added: Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2019:2125', 'name': 'RHSA-2019:2125', 'tags': ['Third Party Advisory'], 'refsource': 'REDHAT'}
  • {'url': 'http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html', 'name': 'openSUSE-SU-2019:1172', 'tags': ['Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'SUSE'}
  • {'url': 'https://edk2-docs.gitbooks.io/security-advisory/content/partitiondxe-and-udf-buffer-overflow.html', 'name': 'https://edk2-docs.gitbooks.io/security-advisory/content/partitiondxe-and-udf-buffer-overflow.html', 'tags': ['Patch', 'Third Party Advisory'], 'refsource': 'CONFIRM'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/', 'name': 'FEDORA-2019-d47a9d4b8b', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2019:3338', 'name': 'RHSA-2019:3338', 'tags': ['Third Party Advisory'], 'refsource': 'REDHAT'}
  • (MISC) https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html -

05 Apr 2022, 20:36

Type Values Removed Values Added
References
  Removed: (REDHAT) https://access.redhat.com/errata/RHSA-2019:3338 -
  Added: (REDHAT) https://access.redhat.com/errata/RHSA-2019:3338 - Third Party Advisory
References
  Removed: (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/ -
  Added: (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/ - Mailing List, Third Party Advisory
References
  Removed: (REDHAT) https://access.redhat.com/errata/RHSA-2019:2125 -
  Added: (REDHAT) https://access.redhat.com/errata/RHSA-2019:2125 - Third Party Advisory
First Time
  • Redhat enterprise Linux Server
  • Redhat enterprise Linux Eus
  • Redhat enterprise Linux Server Tus
  • Redhat enterprise Linux Server Aus
  • Fedoraproject fedora
  • Redhat enterprise Linux
  • Redhat
  • Fedoraproject
CPE
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
CWE
  Removed: CWE-119
  Added: CWE-787

Information

Published : 2019-03-27 20:29

Updated : 2023-12-10 12:59


NVD link : CVE-2019-0160

Mitre link : CVE-2019-0160

CVE.ORG link : CVE-2019-0160



Products Affected

redhat

  • enterprise_linux_server_tus
  • enterprise_linux_server
  • enterprise_linux_server_aus
  • enterprise_linux
  • enterprise_linux_eus

tianocore

  • edk_ii

opensuse

  • leap

fedoraproject

  • fedora
CWE
CWE-787

Out-of-bounds Write

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')