Libefiboot
Approved changes feed: RSS · Atom
cpe:2.3:a:ubuntu:libefiboot:-:*:*:*:*:*:*:*
part: a version: - update: *
| Vendor | Ubuntu (54779f98-997b-58ec-a561-52dfa4086aae) |
|---|---|
| Product | Libefiboot (fe554ac5-eda7-56ff-9b7e-c596ef4a2a91) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-6862 |
vulnerable | 2026-06-03 15:27:55.817830 |
Efivar: efivar: denial of service due to stack overflow in device path node parsing
MEDIUM (5.5)
A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) device path node header. A local user could exploit this vulnerability by providing a specially crafted device path node. This can lead to infinite recursion, causing stack exhaustion and a process crash, resulting in a denial of service (DoS).
Published: 2026-04-22T13:45:45.503Z
Updated: 2026-04-22T14:28:14.132Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.