History: Feb 20, 2024 - 9:18 a.m.

Advisory ROSA-SA-2024-2349

2024-02-20 09:18:09
ROSA LAB
abf.rosalinux.ru
Tags: grub2, rosa, vulnerability, out-of-bounds writes, http headers, denial of service, resolved

CVSS3: 8.1
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.7
Confidence: Low

EPSS: 0.001
Percentile: 24.8%

Software: grub2 2.02
OS: rosa-server79

package_evr_string: grub2-2.02-0.87.res7.11

CVE-ID: CVE-2022-28734
BDU-ID: 2024-01201
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the GRUB loader is related to out-of-bounds writes when processing delimited HTTP headers. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: Run yum update grub2 to close the vulnerability.

OS     OS Version   Architecture   Package   Package Version   Filename
rosa   any          noarch         grub2     < 2.02            UNKNOWN
