{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24796", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:18:43.268Z", "datePublished": "2026-01-27T08:22:20.758Z", "dateUpdated": "2026-01-27T21:39:06.965Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/CloverHackyColor/CloverBootloader", "defaultStatus": "affected", "modules": ["MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma"], "product": "CloverBootloader", "programFiles": ["regparse.c"], "vendor": "CloverHackyColor", "versions": [{"lessThan": "5162", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules).<p> This vulnerability is associated with program files <tt>regparse.C</tt>.</p><p>This issue affects CloverBootloader: before 5162.</p>"}], "value": "Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulnerability is associated with program files regparse.C.\n\nThis issue affects CloverBootloader: before 5162."}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/S:N/AU:Y/R:U/V:C/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:22:20.758Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/CloverHackyColor/CloverBootloader/pull/732"}], "source": {"discovery": "UNKNOWN"}, "title": "A Out-of-bounds Read vulnerability in CloverHackyColor/CloverBootloader", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T21:09:55.992211Z", "id": "CVE-2026-24796", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T21:39:06.965Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24796", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T21:09:55.992211Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T21:09:58.177Z"}}], "cna": {"title": "A Out-of-bounds Read vulnerability in CloverHackyColor/CloverBootloader", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 6.9, "Automatable": "YES", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/S:N/AU:Y/R:U/V:C/RE:L/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "CloverHackyColor", "modules": ["MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma"], "product": "CloverBootloader", "versions": [{"status": "affected", "version": "0", "lessThan": "5162", "versionType": "git"}], "programFiles": ["regparse.c"], "collectionURL": "https://github.com/CloverHackyColor/CloverBootloader", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/CloverHackyColor/CloverBootloader/pull/732", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulnerability is associated with program files regparse.C.\n\nThis issue affects CloverBootloader: before 5162.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules).<p> This vulnerability is associated with program files <tt>regparse.C</tt>.</p><p>This issue affects CloverBootloader: before 5162.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:22:20.758Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24796", "state": "PUBLISHED", "dateUpdated": "2026-01-27T21:39:06.965Z", "dateReserved": "2026-01-27T08:18:43.268Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T08:22:20.758Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulnerability is associated with program files regparse.C.\n\nThis issue affects CloverBootloader: before 5162."}, {"lang": "es", "value": "Vulnerabilidad de lectura fuera de l\u00edmites en CloverHackyColor CloverBootloader (m\u00f3dulos MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa regparse.C.\n\nEste problema afecta a CloverBootloader: anterior a 5162."}], "id": "CVE-2026-24796", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T09:15:49.370", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/CloverHackyColor/CloverBootloader/pull/732"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T18:48:49.636206+00:00", "value": {"mitigation_remediation": ["Upgrade CloverBootloader to version 5162 or later, which incorporates the fix for the out-of-bounds read.", "If an upgrade cannot be performed immediately, consider disabling the Oniguruma regular expression engine or any components that load regparse.C from the bootloader configuration to mitigate the risk.", "Apply secure boot measures or verify that the bootloader binary has not been tampered with to reduce the risk of malicious code execution during boot."], "summary": {"action": "Patch immediately", "impact": "Information disclosure through out-of-bounds read"}, "threat_synthesis": {"affected_systems": "This flaw impacts CloverHackyColor CloverBootloader binaries with a build version earlier than 5162. The affected product is the CloverBootloader used as a macOS bootloader.", "description_and_impact": "The vulnerability occurs in the CloverBootloader\u2019s Oniguruma regular expression engine, specifically within the regparse.C module. An out-of-bounds read can expose data located beyond the intended bounds, potentially revealing sensitive information held in memory. The description does not indicate that an attacker can achieve code execution or privilege escalation from this flaw.", "risk_and_exploitability": "The CVSS score of 6.9 points to a medium-to-high risk level. The EPSS score is less than 1%, which suggests the likelihood of an active exploit is very low. The vulnerability is not listed in the CISA KEV catalog. The attack vector is not explicitly documented; it is inferred that an attacker would need local or physical access to the device\u2019s boot environment, enabling them to supply a malicious regular expression during boot to trigger the out-of-bounds read."}}}}, "created": "2026-01-27T20:17:10.318926+00:00", "updated": "2026-04-18T19:00:08.033399+00:00", "vendors": ["cloverhackycolor", "cloverhackycolor$PRODUCT$cloverbootloader"]}