PT-2025-6745 · Unknown+3 · Das U-Boot+3

David Gstir

Published

2025-02-17

Updated

2026-02-23

CVE-2024-57259

CVSS v3.1

7.1

High

Vector

AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Das U-Boot versions prior to 2025.01-rc1

Description The issue is related to an off-by-one error in the sqfs search dir function, which leads to heap memory corruption when listing SquashFS directories. This error occurs because the path separator is not considered in a size calculation.

Recommendations For versions prior to 2025.01-rc1, update to version 2025.01-rc1 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-193

Related Identifiers

BDU:2025-10594

CVE-2024-57259

DLA-4150-1

OESA-2025-1210

OESA-2025-1211

OESA-2025-1212

OESA-2025-1213

USN-8056-1

Affected Products

Das U-Boot

Debian

Linuxmint

Ubuntu

PT-2025-6745 · Unknown+3 · Das U-Boot+3

CVE-2024-57259

Weakness Enumeration

Related Identifiers

Affected Products

References · 38