PT-2026-4864 · Unknown+1 · Cloverbootloader+1
Titan Team
·
Published
2026-01-27
·
Updated
2026-01-27
·
CVE-2026-24795
CVSS v4.0
5.1
Medium
| Vector | AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Amber |
Name of the Vulnerable Software and Affected Versions
CloverBootloader versions prior to 5162
Description
An out-of-bounds write issue exists in the CloverBootloader software, specifically within the
regcomp.C program file and the Oniguruma modules of the MdeModulePkg/Universal/RegularExpressionDxe component. This condition may allow for unexpected behavior or potential compromise of the system.Recommendations
Update CloverBootloader to version 5162 or later.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cloverbootloader
Mdemodulepkg/Universal/Regularexpressiondxe