Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2022-2347
PUBLISHED
More InfoOfficial Page
Assigner-Google
Assigner Org ID-14ed7db2-1595-443d-9d34-6215bf890778
View Known Exploited Vulnerability (KEV) details
Published At-23 Sep, 2022 | 12:50
Updated At-12 May, 2026 | 10:12
Rejected At-
▼CVE Numbering Authority (CNA)
Unchecked Download size in Uboot

There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer.

Affected Products
Vendor
Uboot
Product
Uboot
Versions
Affected
  • From unspecified through 2022.07 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122 Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122 Heap-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.17.7HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://seclists.org/oss-sec/2022/q3/41
x_refsource_MISC
Hyperlink: https://seclists.org/oss-sec/2022/q3/41
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://seclists.org/oss-sec/2022/q3/41
x_refsource_MISC
x_transferred
https://lists.debian.org/debian-lts-announce/2025/05/msg00001.html
N/A
Hyperlink: https://seclists.org/oss-sec/2022/q3/41
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/05/msg00001.html
Resource: N/A
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
3.
Affected Products
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX MX5000
Default Status
unknown
Versions
Affected
  • From 0 before V2.17.1 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX MX5000RE
Default Status
unknown
Versions
Affected
  • From 0 before V2.17.1 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX RX1400
Default Status
unknown
Versions
Affected
  • From 0 before V2.17.1 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX RX1500
Default Status
unknown
Versions
Affected
  • From 0 before V2.17.1 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX RX1501
Default Status
unknown
Versions
Affected
  • From 0 before V2.17.1 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX RX1510
Default Status
unknown
Versions
Affected
  • From 0 before V2.17.1 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX RX1511
Default Status
unknown
Versions
Affected
  • From 0 before V2.17.1 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX RX1512
Default Status
unknown
Versions
Affected
  • From 0 before V2.17.1 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX RX1524
Default Status
unknown
Versions
Affected
  • From 0 before V2.17.1 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX RX1536
Default Status
unknown
Versions
Affected
  • From 0 before V2.17.1 (custom)
Vendor
Siemens AGSiemens
Product
RUGGEDCOM ROX RX5000
Default Status
unknown
Versions
Affected
  • From 0 before V2.17.1 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/html/ssa-577017.html
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-577017.html
Resource: N/A
Details not found