AVG-1359 log
| Package | edk2-shell |
| Status | Fixed |
| Severity | Medium |
| Type | denial of service |
| Affected | 202008-1 |
| Fixed | 202011-1 |
| Current | 202408.01-1 [extra] |
| Ticket | None |
| Created | Mon Dec 14 22:41:05 2020 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2019-14584 | Medium | No | Denial of service | A security issue was found in edk2 up to edk2-stable202011. AuthenticodeVerify() calls OpenSSLs d2i_PKCS7() API to parse asn encoded signed authenticode... |
| Notes |
|---|
There are also https://bugzilla.tianocore.org/show_bug.cgi?id=1743 and https://bugzilla.tianocore.org/show_bug.cgi?id=1816 which have been fixed in this release, but no CVE appears to have been assigned yet. |