Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2022-36764

Published: 09/01/2024 Updated: 13/03/2024
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Edk2

Vulnerability Summary

Description<!---->A heap-based buffer overflow flaw was found via the Tcg2MeasurePeImage() function in EDK2. Successful exploitation requires a local malicious user to trigger an integer overflow in the calculation of the EventSize variable at DxeTpm2MeasureBootLib.c, leading to the heap-buffer overflow, presenting a moderate risk to confidentiality and integrity. However, the primary consequence is likely a crash or denial of service.A heap-based buffer overflow flaw was found via the Tcg2MeasurePeImage() function in EDK2. Successful exploitation requires a local malicious user to trigger an integer overflow in the calculation of the EventSize variable at DxeTpm2MeasureBootLib.c, leading to the heap-buffer overflow, presenting a moderate risk to confidentiality and integrity. However, the primary consequence is likely a crash or denial of service.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

tianocore edk2

Vendor Advisories

Debian CVElist Bug Report Logs: edk2: CVE-2022-36763 CVE-2022-36764 CVE-2022-36765
Debian Bug report logs - #1060408 edk2: CVE-2022-36763 CVE-2022-36764 CVE-2022-36765 Package: src:edk2; Maintainer for src:edk2 is Debian QEMU Team &lt;pkg-qemu-devel@listsaliothdebianorg&gt;; Reported by: Moritz Mühlenhoff &lt;jmm@inutilorg&gt; Date: Wed, 10 Jan 2024 19:48:02 UTC Severity: important Tags: security, upstrea ...
Amazon Linux 2: ALAS-2024-2465
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability (CVE-2022-36763) EDK2 is susceptible to a vulnerability in the Tcg2MeasurePe ...
Red Hat:
Description<!---->A heap-based buffer overflow flaw was found via the Tcg2MeasurePeImage() function in EDK2 Successful exploitation requires a local attacker to trigger an integer overflow in the calculation of the EventSize variable at DxeTpm2MeasureBootLibc, leading to the heap-buffer overflow, presenting a moderate risk to confidentiality and ...

References

CWE-119https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8jhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060408https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2024-2465.htmlhttps://access.redhat.com/security/cve/cve-2022-36764
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377CVE-2024-20859CVE-2023-49606injectarbitrary CVE-2024-33788CVE-2024-30973IDORCVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook