86 matches found
CVE-2024-56737
A flaw was found in the HFS file system driver in grub2. This issue allows a local attacker to trigger a heap-based buffer overflow via a specially crafted sblock in a malicious HFS file system, causing memory corruption, unexpected behavior, and denial of service. Mitigation Do not run grub2 in ...
AZL-54683 CVE-2024-56737 affecting package grub2 for versions less than 2.06-15
GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem...
DEBIAN-CVE-2024-56737
GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem...
AZL-54692 CVE-2024-56738 affecting package grub2 2.06-16
GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks...
CVE-2024-56737
GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem...
CVE-2024-56738
GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks...
CVE-2024-56738
GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks...
CVE-2024-56737
GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem...
CVE-2024-56738
CVE-2024-56738 details (Mode C): GNU GRUB (GRUB2) up to version 2.12 is affected because grub_crypto_memcmp is not implemented in constant time, enabling potential side-channel attacks. Connected Nessus entries for EulerOS/Virt show the same CVE-2024-56738 claim and reference. The description doe...
CVE-2024-56738
GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks...
CVE-2024-56738
GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks...
CVE-2024-56737
GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem...
CVE-2024-56737
The CVE-2024-56737 issue affects GNU GRUB (GRUB2) up to version 2.12, with a heap-based buffer overflow in fs/hfs.c triggered by crafted sblock data on an HFS filesystem. Connected advisories reiter the flaw in grub2 and reference patched packages across platforms (e.g., grub2 2.06-14/61 notes in...
CVE-2024-56737
GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem...
PT-2024-37048
Name of the Vulnerable Software and Affected Versions GNU GRUB aka GRUB2 versions 2.12 and earlier Description The issue is related to the use of a non-constant time algorithm for grub crypto memcmp, which allows side-channel attacks. This means that an attacker could potentially exploit the...
CVE-2024-56737
GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem...
CVE-2024-56738
GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks...
PT-2024-9919 · Gnu Grub +3 · Gnu Grub +3
Name of the Vulnerable Software and Affected Versions: GNU GRUB aka GRUB2 versions through 2.12 Description: The issue is a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. This can allow a remote attacker to impact the confidentiality, integrity, and...
SUSE CVE-2013-4577
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the passwordpbkdf2 directive in the file...
SUSE CVE-2017-10929
The grubmemmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the...