Vulnerability in Das U-boot

CVE-2017-3225

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cry…

EPSS: 0.001 (16.0th percentile) — read the EPSS interpretation.

Affected products

Das U-boot — versions 2017.09

Weakness classification (CWE)

CWE-329 — Generation of Predictable IV with CBC Mode

References

100675 (vdb-entry, x_refsource_BID)
VU#166743 (x_refsource_CERT-VN, third-party-advisory)