GHSA-2689-5P89-6J3J: Stack-Based Out-of-Bounds Write in UEFI Firmware Parser Tiano Decompressor
Vulnerability ID: GHSA-2689-5P89-6J3J
CVSS Score: 9.8
Published: 2026-04-16
The uefi-firmware-parser project prior to version 1.13 contains a critical stack-based out-of-bounds write vulnerability within its Tiano decompression implementation. By providing a specially crafted UEFI firmware volume, an attacker can trigger memory corruption leading to remote code execution or denial of service.
TL;DR
A missing bounds check in the Tiano decompressor's MakeTable function lets maliciously crafted bit lengths index past a stack array, corrupting the stack and potentially leading to code execution.
⚠️ Exploit Status: PoC
Technical Details
- CWE ID: CWE-121 / CWE-787
- Attack Vector: Network / File-based
- CVSS Score: 9.8
- Impact: Remote Code Execution / Denial of Service
- Exploit Status: PoC / Research
- KEV Status: Not Listed
Affected Systems
- uefi-firmware-parser versions prior to 1.13
- uefi-firmware-parser: < 1.13 (fixed in 1.13)
Code Analysis
Commit: bf3dfaa
Port of EDK2 fixes including bounds checking for Tiano MakeTable BitLen index to prevent stack out-of-bounds write.
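The check described above, as an added illustration that is not the parser's own code: a re-implementation of the validation prologue of EDK2's Tiano MakeTable(), in which every symbol's bit length indexes a 17-entry stack array. The function name, the constants and the test inputs are assumptions made for this example; the hardened form rejects any length above 16 before it is used as an index, and also rejects a length set that does not form a complete prefix code.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define BAD_TABLE  1u   /* EDK2 MakeTable() error return */
#define MAX_BITLEN 16   /* longest Huffman code the decoder supports */

/* Validate the per-symbol code lengths that feed a Tiano/LZH Huffman
 * decoding table. Modelled after the first two loops of EDK2 MakeTable();
 * this is an illustrative re-implementation, not uefi-firmware-parser code.
 * Returns 0 if the lengths are usable, BAD_TABLE otherwise. */
uint16_t validate_bit_lengths(const uint8_t *bit_len, size_t num_of_char)
{
    uint16_t count[MAX_BITLEN + 1] = {0};  /* histogram, indices 0..16, on the stack */
    uint16_t start[MAX_BITLEN + 2] = {0};  /* first code of each length */

    for (size_t i = 0; i < num_of_char; i++) {
        /* The bounds check the advisory refers to: without it a length of
         * 17..255 selects a slot past count[16] and the ++ writes into whatever
         * the compiler placed above the array on the stack. */
        if (bit_len[i] > MAX_BITLEN)
            return BAD_TABLE;
        count[bit_len[i]]++;
    }

    /* Kraft-style completeness check, as in EDK2: the code space used by all
     * lengths must sum to exactly 1 << 16, which wraps start[17] back to 0.
     * Any other value means an incomplete or oversubscribed code, which would
     * drive the later table-filling loops out of range. */
    start[1] = 0;
    for (unsigned len = 1; len <= MAX_BITLEN; len++)
        start[len + 1] = (uint16_t)(start[len] + (count[len] << (MAX_BITLEN - len)));
    if (start[MAX_BITLEN + 1] != 0)
        return BAD_TABLE;

    return 0;
}

int main(void)
{
    /* Constructed inputs: a valid two-symbol code, and one with a length of 17
     * of the kind a crafted firmware volume could supply. */
    const uint8_t good[] = {1, 1};
    const uint8_t crafted[] = {1, 17};
    printf("good: %u, crafted: %u\n",
           validate_bit_lengths(good, 2), validate_bit_lengths(crafted, 2));
    return 0;
}
```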
Mitigation Strategies
- Upgrade to uefi-firmware-parser version 1.13 or newer
- Execute firmware parsing tools in isolated, restricted sandboxes
- Disable network access for the analysis environment to prevent lateral movement
- Apply robust stack protection and ASLR on systems executing firmware parsers
Remediation Steps:
- Identify all projects and pipelines dependent on the uefi-firmware-parser library
- Update the dependency version in project manifests to 1.13 or higher
- Rebuild and redeploy the application or analysis container
- Verify the update by testing the parser with standard firmware payloads
This article was originally published by DEV Community and written by CVE Reports.