CVE-2021-2821011.06.2021, 16:15An unlimited recursion in DxeCore in EDK II.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST7.8 HIGHLOCALLOWLOWCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HTianoCoreCNA------CVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 18%VendorProductVersiontianocoreedk2𝑥< 202008𝑥= Vulnerable software versionsDebian ReleasesDebian ProductCodenameedk2bullseye (security)2020.11-2+deb11u2fixedbullseye2020.11-2+deb11u2fixedbusterno-dsabookworm2022.11-6+deb12u1fixedbookworm (security)2022.11-6+deb12u1fixedsid2024.08-4fixedtrixie2024.08-4fixedUbuntu ReleasesUbuntu ProductCodenameedk2noblenot-affectedmanticnot-affectedlunarnot-affectedkineticnot-affectedjammynot-affectedimpishnot-affectedhirsutenot-affectedgroovyFixed 2020.05-5ubuntu0.2releasedfocalFixed 0~20191122.bd85bf54-2ubuntu3.2releasedbionicneeds-triagexenialneeds-triagetrustydneKnown Exploits!https://bugzilla.tianocore.org/show_bug.cgi?id=1743https://bugzilla.tianocore.org/show_bug.cgi?id=1743Common Weakness EnumerationCWE-674 - Uncontrolled RecursionThe product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.Referenceshttps://bugzilla.tianocore.org/show_bug.cgi?id=1743https://bugzilla.tianocore.org/show_bug.cgi?id=1743
