Hello,
Find attached more information about 13 vulnerabilities we found at U-Boot and its NFS and networking code. Also, find attached a proposed quick patch that should serve as a first initial one and should probably go through iterations of code review.
Please note, these vulnerabilities are not patched yet at the source repository. Tom Rini (U-boot's master custodian) requested the attached report to be published at this mailing list. At this time, and because of this email, we consider these vulnerabilities public.
For reference, MITRE has issued CVEs for the vulnerabilities: CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203 and CVE-2019-14204
Best regards, -- Fermin Semmle Security Research Team