CVE-2022-4087

Summary

A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability.

Affected Software

VendorProductVersion RangeStatus
unspecifiediPXEn/aaffected

Weaknesses

  • CWE-284: CWE-284 Improper Access Controls -> CWE-200 Information Disclosure -> CWE-203 Information Exposure Through Discrepancy

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References