{"containers": {"cna": {"affected": [{"product": "EDK II", "vendor": "TianoCore", "versions": [{"lessThanOrEqual": "edk2-stable202008", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An unlimited recursion in DxeCore in EDK II."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-674", "description": "A case of CWE-674 is occurring in MdeModulePkg, which can lead to stack and heap corruption.", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-11T15:11:23", "orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1743"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "infosec@edk2.groups.io", "ID": "CVE-2021-28210", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "EDK II", "version": {"version_data": [{"version_affected": "<=", "version_value": "edk2-stable202008"}]}}]}, "vendor_name": "TianoCore"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An unlimited recursion in DxeCore in EDK II."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "A case of CWE-674 is occurring in MdeModulePkg, which can lead to stack and heap corruption."}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.tianocore.org/show_bug.cgi?id=1743", "refsource": "MISC", "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1743"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:40:12.971Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1743"}]}]}, "cveMetadata": {"assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "assignerShortName": "TianoCore", "cveId": "CVE-2021-28210", "datePublished": "2021-06-11T15:11:23", "dateReserved": "2021-03-12T00:00:00", "dateUpdated": "2024-08-03T21:40:12.971Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0242CC2-68D7-42BA-9163-7F40AACA65CF", "versionEndExcluding": "202008", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An unlimited recursion in DxeCore in EDK II."}, {"lang": "es", "value": "Una recursi\u00f3n ilimitada en la funci\u00f3n DxeCore en EDK II"}], "id": "CVE-2021-28210", "lastModified": "2024-11-21T05:59:22.380", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-11T16:15:12.430", "references": [{"source": "infosec@edk2.groups.io", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1743"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1743"}], "sourceIdentifier": "infosec@edk2.groups.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-674"}], "source": "infosec@edk2.groups.io", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-674"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:4198", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "edk2-0:20210527gite1999b264f1f-3.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}], "bugzilla": {"description": "edk2: unlimited FV recursion, round 2", "id": "1883552", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883552"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-674", "details": ["An unlimited recursion in DxeCore in EDK II.", "A flaw was found in edk2. An unlimited recursion in DxeCore may allow an attacker to corrupt the system memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2021-28210", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ovmf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2020-11-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-28210\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-28210"], "threat_severity": "Moderate"}