CVE-2024-57258
CVSS 3.1 Score 7.1 of 10 (high)
Details
Published: Feb 18, 2025
Updated: Feb 19, 2025
CWE ID 190
Summary
CVE-2024-57258 is a vulnerability affecting Das U-Boot versions prior to 2025.01-rc1. The issue is caused by integer overflows in memory allocation functions. An attacker can exploit this vulnerability by supplying a specially crafted squashfs filesystem. The overflows can occur through the sbrk function, through request2size, or through improper handling of ptrdiff_t on the x86_64 architecture. Successful exploitation may lead to unintended memory manipulation, potentially resulting in system crashes or arbitrary code execution.
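The bug class named in the summary, shown as an added illustration that is not U-Boot's code or its patch: size padding that wraps for very large requests, next to a checked form, plus an sbrk-style break adjustment that validates a signed increment. All function names and constants here are hypothetical and modelled on a generic dlmalloc-style allocator.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed constants for a dlmalloc-style allocator (assumed, not U-Boot's). */
#define SIZE_SZ     (sizeof(size_t))
#define ALIGN_MASK  (2 * SIZE_SZ - 1)
#define MINSIZE     (4 * SIZE_SZ)

/* Unchecked padding: req + overhead wraps for req close to SIZE_MAX,
 * so a huge request is silently turned into a minimum-size chunk. */
size_t pad_request_unchecked(size_t req)
{
    size_t padded = req + SIZE_SZ + ALIGN_MASK;   /* may wrap around */
    if (padded < MINSIZE + ALIGN_MASK)
        return MINSIZE;
    return padded & ~ALIGN_MASK;
}

/* Checked padding: refuse requests the padding arithmetic cannot represent.
 * Returns 0 and stores the chunk size in *out, or -1 if req is too large. */
int pad_request_checked(size_t req, size_t *out)
{
    if (req > (size_t)PTRDIFF_MAX - (SIZE_SZ + ALIGN_MASK) - MINSIZE)
        return -1;
    *out = pad_request_unchecked(req);
    return 0;
}

/* sbrk-style break adjustment: the signed increment is compared against the
 * room left in [start, end] before the break pointer is touched. */
int arena_grow(uintptr_t start, uintptr_t end, uintptr_t *brk, ptrdiff_t incr)
{
    if (incr >= 0) {
        if ((uintptr_t)incr > end - *brk)
            return -1;                  /* would run past the arena */
        *brk += (uintptr_t)incr;
    } else {
        /* -(incr + 1) + 1 computes |incr| without negating PTRDIFF_MIN */
        uintptr_t dec = (uintptr_t)(-(incr + 1)) + 1;
        if (dec > *brk - start)
            return -1;                  /* would drop below the arena */
        *brk -= dec;
    }
    return 0;
}
```

The unchecked helper returns MINSIZE for a request of SIZE_MAX - 8, which is the mismatch between requested and allocated size that later copies rely on being impossible.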