Lucene search

K
cveRedhatCVE-2020-14310
HistoryJul 31, 2020 - 10:15 p.m.

CVE-2020-14310

2020-07-3122:15:11
CWE-122
CWE-190
redhat
web.nvd.nist.gov
221
2
cve-2020-14310
cve
grub2
vulnerability
font name
buffer overflow
nvd
security issue

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS3

6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

19.0%

There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn’t verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.

Affected configurations

Nvd
Vulners
Node
gnugrub2Range<2.06
Node
redhatenterprise_linuxMatch7.0
OR
redhatenterprise_linuxMatch8.0
OR
redhatenterprise_linux_eusMatch8.1
OR
redhatenterprise_linux_eusMatch8.2
OR
redhatenterprise_linux_server_ausMatch8.2
OR
redhatenterprise_linux_server_tusMatch8.2
Node
opensuseleapMatch15.1
OR
opensuseleapMatch15.2
Node
canonicalubuntu_linuxMatch14.04esm
OR
canonicalubuntu_linuxMatch16.04esm
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch20.04lts
VendorProductVersionCPE
gnugrub2*cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "grub2",
    "vendor": "The Grub2 Project",
    "versions": [
      {
        "status": "affected",
        "version": "2.06"
      }
    ]
  }
]

Social References

More

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS3

6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

19.0%