AVG-1697 log

Package edk2-shell
Status Fixed
Severity Medium
Type multiple issues
Affected 202008-1
Fixed 202011-1
Current 202111-4 [testing]
202108-1 [extra]
Ticket None
Created Tue Mar 16 10:54:04 2021
Issue Severity Remote Type Description
CVE-2021-28211 Medium No Arbitrary code execution
A security issue was found in EDK II before version 202011. A possible heap corruption in LzmaUefiDecompressGetInfo  could lead to arbitrary code execution.
CVE-2021-28210 Low No Denial of service
A security issue was found in EDK II before version 202011. An unlimited FV parsing recursion could lead to denial of service.