Feb 20, 2024 - 9:18 a.m.

Advisory ROSA-SA-2024-2349

2024-02-20 09:18:09
ROSA LAB
abf.rosalinux.ru
10
grub2
rosa
vulnerability
out-of-bounds writes
http headers
denial of service
resolved

CVSS3: 7 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score: 6.7 Medium
Confidence: Low

CVSS2: 5.1 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS: 0.0005 Low
Percentile: 15.7%

Software: grub2 2.02
OS: rosa-server79

package_evr_string: grub2-2.02-0.87.res7.11

CVE-ID: CVE-2022-28734
BDU-ID: 2024-01201
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Grub loader is related to out-of-bounds writes when processing delimited HTTP headers. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: Execute yum update grub2 to close.

OS      Version   Architecture   Package   Version   Filename
rosa    any       noarch         grub2     < 2.02    UNKNOWN
