CVSS2: 6.9 Medium

- Access Vector: LOCAL
- Access Complexity: MEDIUM
- Authentication: NONE
- Confidentiality Impact: COMPLETE
- Integrity Impact: COMPLETE
- Availability Impact: COMPLETE
- Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.001 Low (Percentile: 43.0%)

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an “Off-by-two” or “Out of bounds overwrite” memory error.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | grub2 | < 2.02~beta2-33 | grub2_2.02~beta2-33_all.deb |
Debian | 11 | all | grub2 | < 2.02~beta2-33 | grub2_2.02~beta2-33_all.deb |
Debian | 10 | all | grub2 | < 2.02~beta2-33 | grub2_2.02~beta2-33_all.deb |
Debian | 999 | all | grub2 | < 2.02~beta2-33 | grub2_2.02~beta2-33_all.deb |
Debian | 13 | all | grub2 | < 2.02~beta2-33 | grub2_2.02~beta2-33_all.deb |