AVG-1359 log

Package edk2-shell
Status Fixed
Severity Medium
Type denial of service
Affected 202008-1
Fixed 202011-1
Current 202311-1 [extra]
Ticket None
Created Mon Dec 14 22:41:05 2020
Issue Severity Remote Type Description
CVE-2019-14584 Medium No Denial of service
A security issue was found in edk2 up to edk2-stable202011. AuthenticodeVerify() calls OpenSSLs d2i_PKCS7() API to parse asn encoded signed authenticode...
There are also https://bugzilla.tianocore.org/show_bug.cgi?id=1743 and https://bugzilla.tianocore.org/show_bug.cgi?id=1816 which have been fixed in this release, but no CVE appears to have been assigned yet.