Unspecified vulnerability in GNU GRUB

GNU GRUB is a Linux system boot program from the GNU community. A security vulnerability exists in GNU GRUB that stems from grubcryptomemcmp not using a constant time algorithm, no details of the vulnerability are provided at this time...

GNU GRUB Buffer Overflow Vulnerability

GNU GRUB is a Linux system boot program from the GNU community. GNU GRUB suffers from a buffer overflow vulnerability that originates from a boundary error in fs/hfs.c when handling untrusted input. An attacker could exploit the vulnerability via a heap-based buffer overflow caused by carefully...

PT-2025-42737

Name of the Vulnerable Software and Affected Versions golang versions 1.15 golang versions 1.19 Description An issue exists in the archive/tar package within golang that involves an unbounded allocation during the parsing of GNU sparse map files. This can lead to excessive memory consumption and...

PT-2025-30999 · Gnu +1 · Gnu Binutils +1

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.44 Description: A memory leak issue exists in the DWARF Section Handler component, specifically within the process debug info function of the binutils/dwarf.c file. Local access is required for exploitation...

PT-2025-32387 · Gnu +1 · Gnu Bison +1

Name of the Vulnerable Software and Affected Versions: GNU Bison versions up to 3.8.2 Description: A vulnerability exists in GNU Bison up to version 3.8.2, affecting the obstack vprintf internal function within the obprintf.c file. Manipulation of this function can lead to a reachable assertion...

PT-2025-32391 · Gnu +1 · Gnu Cflow +1

Name of the Vulnerable Software and Affected Versions: GNU cflow versions up to 1.8 Description: A problematic issue exists in GNU cflow due to a null pointer dereference in the yylex function within the c.c file of the Lexer component. This issue can be exploited locally. The exploit has been...

PT-2025-30997 · Gnu +1 · Gnu Binutils +1

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.44 Description: A problematic issue exists in the BFD Library component of GNU Binutils. The bfd elf get str section function within the bfd/elf.c file is susceptible to a null pointer dereference. Local access is...

PT-2025-6835

Name of the Vulnerable Software and Affected Versions GNU grub2 affected versions not specified Description A issue has been identified in GNU grub2 related to an hfs out-of-bounds write. Recommendations At the moment, there is no information about a newer version that contains a fix for this iss...

PT-2025-54207

Name of the Vulnerable Software and Affected Versions GNU Unrtf versions 0.21.10 Description A flaw exists in the src/path.c component of GNU Unrtf that can lead to a Denial of Service DoS. The issue is due to a NULL pointer dereference triggered by a crafted payload injected into the search path...

CVE-2024-56737

A flaw was found in the HFS file system driver in grub2. This issue allows a local attacker to trigger a heap-based buffer overflow via a specially crafted sblock in a malicious HFS file system, causing memory corruption, unexpected behavior, and denial of service. Mitigation Do not run grub2 in ...

AZL-54683 CVE-2024-56737 affecting package grub2 for versions less than 2.06-15

GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem...

AZL-54692 CVE-2024-56738 affecting package grub2 2.06-16

GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks...

CVE-2024-56738

GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks...

DEBIAN-CVE-2024-56737

GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem...

CVE-2024-56737

GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem...

CVE-2024-56738

GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks...

CVE-2024-56737

GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem...

CVE-2024-56738

GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks...

CVE-2024-56738

CVE-2024-56738 details (Mode C): GNU GRUB (GRUB2) up to version 2.12 is affected because grub_crypto_memcmp is not implemented in constant time, enabling potential side-channel attacks. Connected Nessus entries for EulerOS/Virt show the same CVE-2024-56738 claim and reference. The description doe...

CVE-2024-56738

GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks...