PT-2025-6743 · Unknown · Das U-Boot

David Gstir · Published 2025-02-17 · Updated 2026-02-23 · CVE-2024-57257

CVSS v3.1: 2.4 (Low)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

DAS U-Boot versions prior to 2025.01-RC1

Description

A stack consumption issue occurs in the sqfs_size function in DAS U-Boot when it processes a crafted SquashFS filesystem with deep symlink nesting. The issue affects the SquashFS symlink resolution function and leads to a stack-based overflow.

Recommendations

For versions prior to 2025.01-RC1, update to version 2025.01-RC1 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted SquashFS filesystems with deep symlink nesting to minimize the risk of exploitation.

Fix

Weakness Enumeration

Uncontrolled Recursion

Related Identifiers

BDU:2025-02556
CVE-2024-57257
DLA-4150-1
OESA-2025-1210
OESA-2025-1211
OESA-2025-1212
OESA-2025-1213
USN-8056-1

Affected Products

Das U-Boot
Debian
Linuxmint
Ubuntu