Buffer overflow in Tianocore Edk Ii

CVE-2021-28211

A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.

Vulnerability class: Buffer Overflow

EPSS: 0.001 (19.0th percentile) — read the EPSS interpretation.

Affected products

Tianocore Edk Ii — versions edk2-stable202008

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

References

bugzilla.tianocore.org/show_bug.cgi (x_refsource_MISC)