Vulnerability Description
The squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Denx | U-Boot | 2020.10 |
References
- https://jvn.jp/en/vu/JVNVU97846460/index.html (Third Party Advisory)
- https://lists.denx.de/pipermail/u-boot/2022-June/487467.html (Exploit, Mailing List, Vendor Advisory)
- https://source.denx.de/u-boot/u-boot/-/commit/7f7fb9937c6cb49dd35153bd6708872b39 (Patch, Third Party Advisory, Vendor Advisory)
- https://www.denx.de/project/u-boot/ (Product)
- https://lists.debian.org/debian-lts-announce/2025/05/msg00001.html
FAQ
What is CVE-2022-33967?
CVE-2022-33967 is a vulnerability with a CVSS score of 7.8 (HIGH). The squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a s...
How severe is CVE-2022-33967?
CVE-2022-33967 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-33967?
Check the references section above for vendor advisories and patch information. Affected products include: Denx U-Boot.