GHSA-2689-5P89-6J3J: Stack-Based Out-of-Bounds Write in UEFI Firmware Parser Tiano Decompressor
Vulnerability ID: GHSA-2689-5P89-6J3J
CVSS Score: 9.8
Published: 2026-04-16
The uefi-firmware-parser project prior to version 1.13 contains a critical stack-based out-of-bounds write vulnerability within its Tiano decompression implementation. By providing a specially crafted UEFI firmware volume, an attacker can trigger memory corruption leading to remote code execution or denial of service.
TL;DR
A missing bounds check in the Tiano decompressor's MakeTable function allows arbitrary stack manipulation via maliciously crafted bit lengths, leading to potential code execution.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-121 / CWE-787
- Attack Vector: Network / File-based
- CVSS Score: 9.8
- Impact: Remote Code Execution / Denial of Service
- Exploit Status: PoC / Research
- KEV Status: Not Listed
Affected Systems
- uefi-firmware-parser versions prior to 1.13
- uefi-firmware-parser: < 1.13 (Fixed in: 1.13)
Code Analysis
Commit: bf3dfaa
Port of EDK2 fixes including bounds checking for Tiano MakeTable BitLen index to prevent stack out-of-bounds write.
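The kind of check that commit message describes, as an added illustration in C; this is not the project's or EDK2's code. The function name, sample arrays, and the 16-bit length limit are assumptions, and the completeness test at the end is an extra sanity check beyond what this page describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CODE_BITS 16   /* assumed: longest code length the table supports */

enum { TABLE_OK = 0, TABLE_BAD_LENGTH = -1, TABLE_INCOMPLETE = -2 };

/* Constructed inputs: code lengths as they would be decoded from a stream. */
static const uint8_t sample_ok[]  = { 1, 2, 3, 3 };    /* complete prefix code */
static const uint8_t sample_bad[] = { 1, 2, 200, 3 };  /* 200 exceeds count[] */

/* Validate attacker-controlled code lengths before building a decode table. */
int check_bit_lengths(const uint8_t *bit_len, size_t num_chars)
{
    uint32_t count[MAX_CODE_BITS + 1];   /* stack array indexed by code length */
    uint64_t total = 0;

    memset(count, 0, sizeof count);
    for (size_t i = 0; i < num_chars; i++) {
        /* The bounds check: without it, count[bit_len[i]]++ writes past the
         * end of count[] for any length above MAX_CODE_BITS. */
        if (bit_len[i] > MAX_CODE_BITS)
            return TABLE_BAD_LENGTH;
        count[bit_len[i]]++;
    }

    /* Extra sanity check (added here, not taken from the page): the used
     * lengths must fill the code space exactly, i.e. sum 2^(16-len) == 2^16. */
    for (int len = 1; len <= MAX_CODE_BITS; len++)
        total += (uint64_t)count[len] << (MAX_CODE_BITS - len);
    return total == ((uint64_t)1 << MAX_CODE_BITS) ? TABLE_OK : TABLE_INCOMPLETE;
}

int main(void)
{
    printf("ok=%d bad=%d\n",
           check_bit_lengths(sample_ok, sizeof sample_ok),
           check_bit_lengths(sample_bad, sizeof sample_bad));
    return 0;
}
```

Rejecting the table before any counter is touched means a malformed volume produces a parse error instead of a write outside the array.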
Mitigation Strategies
- Upgrade to uefi-firmware-parser version 1.13 or newer
- Execute firmware parsing tools in isolated, restricted sandboxes
- Disable network access for the analysis environment to prevent lateral movement
- Apply robust stack protection and ASLR on systems executing firmware parsers
Remediation Steps:
- Identify all projects and pipelines dependent on the uefi-firmware-parser library
- Update the dependency version in project manifests to 1.13 or higher
- Rebuild and redeploy the application or analysis container
- Verify the update by testing the parser with standard firmware payloads
References
Read the full report for GHSA-2689-5P89-6J3J on our website for more details including interactive diagrams and full exploit analysis.