CVE-2019-0160 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
intel	CNA	8.7 HIGH	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 74%

Vendor	Product	Version
tianocore	edk_ii	-
opensuse	leap	15.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux_eus	8.1
redhat	enterprise_linux_eus	8.2
redhat	enterprise_linux_eus	8.4
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	8.2
redhat	enterprise_linux_server_aus	8.4
redhat	enterprise_linux_server_tus	8.2
redhat	enterprise_linux_server_tus	8.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

edk2

bullseye (security)	2020.11-2+deb11u2 fixed
bullseye	2020.11-2+deb11u2 fixed
stretch	not-affected
bookworm	2022.11-6+deb12u1 fixed
bookworm (security)	2022.11-6+deb12u1 fixed
sid	2024.08-4 fixed
trixie	2024.08-4 fixed

Ubuntu Releases

Ubuntu Product

Codename

edk2

noble	not-affected
mantic	not-affected
lunar	not-affected
kinetic	not-affected
jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	not-affected
focal	not-affected
eoan	not-affected
disco	not-affected
cosmic	ignored
bionic	Fixed 0~20180205.c0d9813c-2ubuntu0.3+esm1 released
xenial	not-affected
trusty	dne

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html

https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html