cvedb.io
CVE-2021-37848
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2021-08-02T20:15:08.303 · Last modified 2026-06-17T04:01:11.990

Summary

common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison.

Affected products

pengutronix — barebox

Does this affect you?

Add your gear to cvedb and we'll alert you only when pengutronix ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.