CVE-2022-4087

Name of the Vulnerable Software and Affected Versions iPXE (affected versions not specified)

Description A vulnerability was found in the function tls new ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad len leads to information exposure through discrepancy. This issue is related to incorrect access control and can be exploited by a remote attacker to disclose confidential information.

Recommendations To fix this issue, it is recommended to apply a patch with the name 186306d6199096b7a7c4b4574d4be8cdb8426729. As a temporary workaround, consider disabling the tls new ciphertext function until a patch is available. Restrict access to the src/net/tls.c file to minimize the risk of exploitation. Avoid using the argument pad len in the affected TLS component until the issue is resolved.