{
  "threat_severity" : "Moderate",
  "public_date" : "2018-10-16T00:00:00Z",
  "bugzilla" : {
    "description" : "edk2: Privilege escalation via heap-based buffer overflow in Decode() function",
    "id" : "1641465",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1641465"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.7",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-287",
  "details" : [ "[REJECTED CVE] A heap-based buffer overflow was identified in EDK2, in the Decode() function of BaseUefiDecompressLib.c, TianoCompress.c and the UEFI Specification. Improper handling of data could allow an authenticated attacker to trigger the overflow by supplying a crafted file, which could lead to privilege escalation." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-08-06T00:00:00Z",
    "advisory" : "RHSA-2019:2125",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "ovmf-0:20180508-6.gitee3198e672e2.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "edk2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-5735\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5735\nhttps://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html" ],
  "name" : "CVE-2017-5735",
  "csaw" : false
}