{"id":"CVE-2020-13910","details":"Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check.","modified":"2026-07-08T16:26:54.972766Z","published":"2020-06-07T20:15:10.217Z","references":[{"type":"FIX","url":"https://git.pengutronix.de/cgit/barebox/commit/net/nfs.c?h=next&id=c0f0cbd1759a6ca6cbda4001dff5764f6633c825"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/barebox/barebox","events":[{"introduced":"0"},{"last_affected":"cff4868b6d11f1c9e296fea8ca1da1224bde7f39"}],"database_specific":{"cpe":"cpe:2.3:a:pengutronix:barebox:*:*:*:*:*:*:*:*","source":"CPE_RANGE","extracted_events":[{"introduced":"0"},{"last_affected":"2020.05.0"}]}}],"versions":["v2020.05.0","v2020.04.0","v2020.03.0","v2020.02.0","v2020.01.0","v2019.12.0","v2019.11.0","v2019.10.0","v2019.09.0","v2019.08.0","v2019.07.0","v2019.06.0","v2019.05.0","v2019.04.0","v2019.03.0","v2019.02.0","v2019.01.0","v2018.12.0","v2018.11.0","v2018.10.0","v2018.09.0","v2018.08.0","v2018.07.0","v2018.06.0","v2018.05.0","v2018.04.0","v2018.03.0","v2018.02.0","v2018.01.0","v2017.12.0","v2017.11.0","v2017.10.0","v2017.09.0","v2017.08.0","v2017.07.0","v2017.06.0","v2017.05.0","v2017.04.0","v2017.03.0","v2017.02.0","v2017.01.0","v2016.11.0","v2016.10.0","v2016.08.0","v2016.09.0","v2016.07.0","v2016.06.0","v2016.05.0","v2016.04.0","v2016.03.0","v2016.02.0","v2016.01.0","v2015.12.0","v2015.11.0","v2015.10.0","v2015.09.0","v2015.08.0","v2015.07.0","v2015.06.0","v2015.05.0","v2015.04.0","v2015.03.0","v2015.02.0","v2015.01.0","v2014.12.0","v2014.11.0","v2014.10.0","v2014.09.0","v2014.08.0","v2014.07.0","v2014.06.0","v2014.05.0","v2014.04.0","v2014.03.0","v2014.02.0","v2014.01.0","v2013.12.0","v2013.11.0","v2013.10.0","v2013.09.0","v2013.08.0","v2013.07.0","v2013.06.0","v2013.05.0","v2013.04.0","v2013.03.0","v2013.02.0","v2013.01.0","v2012.12.0","v2012.11.0","v2012.10.0","v2012.09.0","v2012.08.0","v2012.07.0","v2012.06.0","v2012.05.0","v2012.04.0","v2012.03.0","v2012.02.0","v2012.01.0","v2011.12.0","v2011.11.0","v2011.10.0","v2011.09.0","v2011.08.0","v2011.07.0","v2011.06.0","v2011.05.0","v2011.04.0","v2011.03.0","v2011.02.0","v2011.01.0","v2010.12.0","v2010.11.0","v2010.10.0","v2010.09.0","v2010.08.0","v2010.07.0","v2010.06.0","v2010.05.0","v2010.04.0","v2010.03.0","v2010.02.0","v2009.12.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13910.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}