History: Jul 31, 2020 - 8:55 p.m.

CVE-2020-14310

2020-07-31 20:55:55
CWE-190
CWE-122
redhat
www.cve.org
7

CVSS3: 5.7

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score: 7
Confidence: High

EPSS: 0.001
Percentile: 19.0%

There is an issue in grub2 before version 2.06 in the function read_section_as_string(). It expects a font name to be at most UINT32_MAX - 1 bytes long, but it does not verify this before proceeding with the buffer allocation used to read the value from the font value. An attacker may leverage this by crafting a malicious font file that has a name of length UINT32_MAX, causing an arithmetic overflow in read_section_as_string(), a zero-sized allocation, and a subsequent heap-based buffer overflow.
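The length arithmetic described above, as an added example: a simplified model, not GRUB's source code. The function names and the in-memory section buffer are assumptions made for illustration. It shows the size the unchecked pattern would request beside a reader that rejects the overflowing length before allocating.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size the unchecked pattern requests: name length plus one byte for the
 * terminating NUL, computed in 32 bits. Wraps to 0 for UINT32_MAX. */
static uint32_t unchecked_alloc_size(uint32_t length) {
    return length + 1u;
}

/* Overflow-checked 32-bit addition; returns 0 on success, -1 on wrap. */
static int checked_add_u32(uint32_t a, uint32_t b, uint32_t *out) {
    if (a > UINT32_MAX - b)
        return -1;
    *out = a + b;
    return 0;
}

/* Hypothetical hardened reader: copies a `length`-byte section out of `src`
 * (which holds `avail` bytes) into a new NUL-terminated string. Returns NULL
 * if length + 1 overflows, if the section is longer than the data actually
 * present, or if allocation fails. */
static char *read_section_string_checked(const uint8_t *src, size_t avail,
                                         uint32_t length) {
    uint32_t size;
    if (checked_add_u32(length, 1u, &size) != 0)
        return NULL;              /* length == UINT32_MAX is rejected here */
    if ((size_t)length > avail)
        return NULL;              /* declared length exceeds the input */
    char *s = malloc(size);
    if (s == NULL)
        return NULL;
    memcpy(s, src, length);
    s[length] = '\0';
    return s;
}

int main(void) {
    static const uint8_t name[] = { 'S', 'a', 'n', 's' }; /* constructed sample */
    printf("unchecked size for UINT32_MAX: %u\n",
           (unsigned)unchecked_alloc_size(UINT32_MAX));
    char *ok = read_section_string_checked(name, sizeof name, 4);
    char *bad = read_section_string_checked(name, sizeof name, UINT32_MAX);
    printf("valid: %s, oversized: %s\n", ok ? ok : "(null)",
           bad ? "accepted" : "rejected");
    free(ok);
    free(bad);
    return 0;
}
```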

CNA Affected

[
  {
    "product": "grub2",
    "vendor": "The Grub2 Project",
    "versions": [
      {
        "status": "affected",
        "version": "2.06"
      }
    ]
  }
]
