How severe is CVE-2017-3226?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2017-3226?

This is classified as CWE-329, which is a common weakness in software security.

CVE-2017-3226 - MEDIUM Severity | CVSS 6.4

Vulnerability Description

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypted disk image is processed. An attacker with physical access to the device can manipulate the encrypted environment data to include a crafted two-byte sequence which triggers an error in environment variable parsing. This error condition is improperly handled by Das U-Boot, resulting in an immediate process termination with a debugging message.

Related Vulnerabilities

CVE-2020-5408

MEDIUM

CVSS:6.5(Medium)

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the ...

CWE-3292020

CVE-2021-27499

MEDIUM

CVSS:5.9(Medium)

Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communicatio...

CWE-3292021

CVE-2022-46397

HIGH

CVSS:7.5(High)

FP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode.

CWE-3292022

CVE-2017-3225

MEDIUM

CVSS:4.6(Medium)

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may a...

CWE-3292017

CVE-2022-46397

HIGH

CVSS:7.5(High)

FP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode.

CWE-3292022

CVE-2020-5408

MEDIUM

CVSS:6.5(Medium)

CWE-3292020