CloverHackyColor CloverBootloader Out-of-Bounds Read Vulnerability

Vulnerability

An out-of-bounds read vulnerability has been identified in CloverHackyColor CloverBootloader versions prior to 5162. The issue is in the MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma module, specifically in the file regparse.c. A double PFETCH in the 'fetch_interval_quantifier()' function causes a heap-buffer overflow, which could potentially be exploited to read memory outside the intended bounds.
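The double-fetch pattern described above, as an added example: this is a constructed model, not code from Oniguruma or CloverBootloader. The names Cur, fetch, parse_interval, run and last_oob and the "n,m\}" interval body are assumptions made for illustration, and the out-of-bounds fetch is counted rather than performed.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not Oniguruma source: a cursor over the pattern [p, end). */
typedef struct { const char *p, *end; int oob; } Cur;
int last_oob;                   /* out-of-bounds fetches seen by the last run() */

/* Stand-in for a PFETCH-style fetch with no end check of its own. A fetch at or
   past `end` is counted in `oob` instead of being performed, so the demo is safe. */
static int fetch(Cur *c) {
    if (c->p >= c->end) { c->oob++; return -1; }
    return (unsigned char)*c->p++;
}
static int at_end(const Cur *c) { return c->p >= c->end; }

static int number(Cur *c) {                 /* decimal digits; -1 if none */
    int n = -1;
    while (!at_end(c) && *c->p >= '0' && *c->p <= '9' && n < 100000)
        n = (n < 0 ? 0 : n * 10) + (*c->p++ - '0');
    return n;
}

/* Parses "n\}" or "n,m\}" (assumed escaped-brace interval body). checked=0 keeps
   the double-fetch pattern; checked=1 tests for end of input before fetch two. */
static int parse_interval(Cur *c, int checked, int *lo, int *hi) {
    int ch;
    if ((*lo = number(c)) < 0 || at_end(c)) return -1;
    *hi = *lo;
    if ((ch = fetch(c)) == ',') {
        *hi = number(c);                    /* -1 means no upper bound */
        if (at_end(c)) return -1;
        ch = fetch(c);
    }
    if (ch != '\\') return -1;              /* first fetch consumed the escape */
    if (checked && at_end(c)) return -1;    /* guard the unchecked variant lacks */
    return fetch(c) == '}' ? 0 : -1;        /* second fetch, directly after */
}

/* Returns 0 for a well-formed interval body, -1 otherwise; sets last_oob. */
int run(const char *s, size_t len, int checked) {
    Cur c = { s, s + len, 0 };
    int lo, hi, rc = parse_interval(&c, checked, &lo, &hi);
    last_oob = c.oob;
    return rc;
}

int main(void) {                /* constructed input: pattern ends on the escape */
    run("1,2\\", 4, 0); printf("unchecked: oob=%d\n", last_oob);
    run("1,2\\", 4, 1); printf("checked:   oob=%d\n", last_oob);
}
```

Both variants reject the truncated input, but only the checked one does so without stepping past the end of the buffer.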

Impact

Exploitation of this vulnerability leads to a heap-buffer overflow, which can commonly be exploited to execute arbitrary code or cause a denial-of-service condition.

Remediation

Users can update to CloverHackyColor CloverBootloader version 5162 or later to address this vulnerability.

Added: Jan 27, 2026, 9:36 AM
Updated: Jan 27, 2026, 3:40 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 2.8
remediation: 0.0
relevance: 2.4
threat: 0.0
urgency: 5.7
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.