AVG-1697 log
| Package | edk2-shell |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 202008-1 |
| Fixed | 202011-1 |
| Current | 202508-1 [extra] |
| Ticket | None |
| Created | Tue Mar 16 10:54:04 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-28211 | Medium | No | Arbitrary code execution | A security issue was found in EDK II before version 202011. A possible heap corruption in LzmaUefiDecompressGetInfo could lead to arbitrary code execution. |
| CVE-2021-28210 | Low | No | Denial of service | A security issue was found in EDK II before version 202011. An unlimited FV parsing recursion could lead to denial of service. |