Pengutronix - Barebox CVE

Filtered by vendor Pengutronix Subscribe

Filtered by product Barebox

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-37848	1 Pengutronix	1 Barebox	2022-07-12	5.0 MEDIUM	7.5 HIGH
common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison.
CVE-2021-37847	1 Pengutronix	1 Barebox	2021-09-21	5.0 MEDIUM	7.5 HIGH
crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification.

Vulnerabilities (CVE)