Vulnerability in Das U-boot

CVE-2017-3226

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_E…

EPSS: 0.000 (13.2th percentile) — read the EPSS interpretation.

Affected products

Das U-boot — versions 2017.09

Weakness classification (CWE)

CWE-329 — Generation of Predictable IV with CBC Mode

References

100675 (vdb-entry, x_refsource_BID)
VU#166743 (x_refsource_CERT-VN, third-party-advisory)