{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "2019.07-rc1" }, { "introduced": "0" }, { "last_affected": "2019.07-rc2" }, { "introduced": "0" }, { "last_affected": "2019.07-rc3" }, { "introduced": "0" }, { "last_affected": "2019.07-rc4" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "a69120a0d7c8d4044cdaceea9eb03913ba4e49c7" }, { "introduced": "0" }, { "last_affected": "5b4b680cfe29a67171ccbe439c66374cb31faca3" }, { "introduced": "0" }, { "last_affected": "7c7919cd07b34a784ab321ab7578106c9e9bd753" }, { "introduced": "0" }, { "last_affected": "fc6c0e29a28f6b71dfb728b7f78e9e770f2cd218" } ], "repo": "https://github.com/u-boot/u-boot", "type": "GIT" } ] } ], "details": "Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.", "id": "CVE-2019-13105", "modified": "2026-03-13T21:58:16.956989213Z", "published": "2019-08-06T20:15:12.050Z", "references": [ { "type": "ADVISORY", "url": "https://gist.github.com/deephooloovoo/d91b81a1674b4750e662dfae93804d75" }, { "type": "FIX", "url": "https://github.com/u-boot/u-boot/commits/master" }, { "type": "FIX", "url": "https://lists.denx.de/pipermail/u-boot/2019-July/375513.html" } ], "severity": [ { "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }