grub2 heap buffer overflow vulnerability (CNVD-2020-45111)

GRUB2 is a bootloader. A heap buffer overflow vulnerability exists in the readsectionasstring function in grub2 versions prior to 2.06. An attacker can exploit this vulnerability to cause an arithmetic overflow and zero-size allocation via a malicious font file with the name UINT32MAX, which can...

AZL-6459 CVE-2020-14311 affecting package grub2 for versions less than 2.06~rc1-7

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow...