{"id":"CVE-2019-13106","details":"Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.","modified":"2026-04-10T04:14:36.761712Z","published":"2019-08-06T20:15:12.110Z","related":["SUSE-SU-2019:2474-1","SUSE-SU-2019:2475-1","SUSE-SU-2020:3256-1","openSUSE-SU-2019:2233-1","openSUSE-SU-2019:2235-1"],"references":[{"type":"WEB","url":"https://github.com/u-boot/u-boot/commits/master"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00002.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00004.html"},{"type":"ADVISORY","url":"https://gist.github.com/deephooloovoo/d91b81a1674b4750e662dfae93804d75"},{"type":"FIX","url":"https://lists.denx.de/pipermail/u-boot/2019-July/375516.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/u-boot/u-boot","events":[{"introduced":"8cbb389bb3da80cbf8911f8386cbff92c6a78afe"},{"last_affected":"3c99166441bf3ea325af2da83cfe65430b49c066"},{"introduced":"0"},{"last_affected":"e5aee22e4be75e75a854ab64503fc80598bc2004"},{"introduced":"0"},{"last_affected":"a69120a0d7c8d4044cdaceea9eb03913ba4e49c7"},{"introduced":"0"},{"last_affected":"5b4b680cfe29a67171ccbe439c66374cb31faca3"},{"introduced":"0"},{"last_affected":"7c7919cd07b34a784ab321ab7578106c9e9bd753"},{"introduced":"0"},{"last_affected":"fc6c0e29a28f6b71dfb728b7f78e9e770f2cd218"}],"database_specific":{"versions":[{"introduced":"2016.09"},{"last_affected":"2019.04"},{"introduced":"0"},{"last_affected":"2019.07-NA"},{"introduced":"0"},{"last_affected":"2019.07-rc1"},{"introduced":"0"},{"last_affected":"2019.07-rc2"},{"introduced":"0"},{"last_affected":"2019.07-rc3"},{"introduced":"0"},{"last_affected":"2019.07-rc4"}]}}],"versions":["v2016.09","v2016.11","v2016.11-rc1","v2016.11-rc2","v2016.11-rc3","v2017.01","v2017.01-rc1","v2017.01-rc2","v2017.01-rc3","v2017.03","v2017.03-rc1","v2017.03-rc2","v2017.03-rc3","v2017.05","v2017.05-rc1","v2017.05-rc2","v2017.05-rc3","v2017.07","v2017.07-rc1","v2017.07-rc2","v2017.07-rc3","v2017.09","v2017.09-rc1","v2017.09-rc2","v2017.09-rc3","v2017.09-rc4","v2017.11","v2017.11-rc1","v2017.11-rc2","v2017.11-rc3","v2017.11-rc4","v2018.01","v2018.01-rc1","v2018.01-rc2","v2018.01-rc3","v2018.03","v2018.03-rc1","v2018.03-rc2","v2018.03-rc3","v2018.03-rc4","v2018.05","v2018.05-rc1","v2018.05-rc2","v2018.05-rc3","v2018.07","v2018.07-rc1","v2018.07-rc2","v2018.07-rc3","v2018.09","v2018.09-rc1","v2018.09-rc2","v2018.09-rc3","v2018.11","v2018.11-rc1","v2018.11-rc2","v2018.11-rc3","v2019.01","v2019.01-rc1","v2019.01-rc2","v2019.01-rc3","v2019.04","v2019.04-rc1","v2019.04-rc2","v2019.04-rc3","v2019.04-rc4","v2019.07","v2019.07-rc1","v2019.07-rc2","v2019.07-rc3","v2019.07-rc4"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13106.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}