{"affected_release": [{"advisory": "RHSA-2019:2125", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "ovmf-0:20180508-6.gitee3198e672e2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-06T00:00:00Z"}], "bugzilla": {"description": "edk2: Privilege escalation via heap-based buffer overflow in Decode() function", "id": "1641465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641465"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-287", "details": ["[REJECTED CVE] A heap-based buffer overflow issue was identified in EDK2 in the Decode() function of BaseUefiDecompressLib.c and TianoCompress.c and in the UEFI Specification. The issue arises from improper handling of data, which could allow an authenticated attacker to exploit it by supplying a crafted file. This could lead to privilege escalation."], "name": "CVE-2017-5735", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-10-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-5735\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5735\nhttps://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"], "threat_severity": "Moderate"}