Lucene search
K

8 matches found

BDU FSTEC
BDU FSTEC
added 2020/08/19 12:0 a.m.2 views

The vulnerability in the implementation of the read_section_as_string() function of the Grub2 operating system allows a attacker to influence data integrity or cause service failures.

The vulnerability of the readsectionasstring function in the Grub2 operating system’s loader is related to the issue of data operations going beyond the buffer boundaries. This is because the maximum length of a UINT32MAX is 1 byte. Exploiting this vulnerability could allow an attacker to influen...

5.1CVSS6.9AI score0.00478EPSS
Exploits0References12Affected Software6
RedHat Linux
RedHat Linux
added 2020/08/03 12:15 p.m.3 views

grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow

A flaw was found in grub2. An expected font value is not verified before proceeding with buffer allocations allowing an attacker to use a malicious font file to create an arithmetic overflow, zero-sized allocation, and further heap-based buffer overflow. The highest threat from this vulnerability...

6CVSS7.6AI score0.00478EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/03 12:6 p.m.3 views

grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow

A flaw was found in grub2. An expected font value is not verified before proceeding with buffer allocations allowing an attacker to use a malicious font file to create an arithmetic overflow, zero-sized allocation, and further heap-based buffer overflow. The highest threat from this vulnerability...

6CVSS7.6AI score0.00478EPSS
Exploits0References4
CNVD
CNVD
added 2020/08/03 12:0 a.m.1 views

grub2 heap buffer overflow vulnerability (CNVD-2020-45111)

GRUB2 is a bootloader. A heap buffer overflow vulnerability exists in the readsectionasstring function in grub2 versions prior to 2.06. An attacker can exploit this vulnerability to cause an arithmetic overflow and zero-size allocation via a malicious font file with the name UINT32MAX, which can...

6CVSS9.5AI score0.00478EPSS
Exploits0References1
OSV
OSV
added 2020/07/31 10:15 p.m.2 views

ALPINE-CVE-2020-14310

There is an issue on grub2 before version 2.06 at function readsectionasstring. It expects a font name to be at max UINT32MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a...

6CVSS7.1AI score0.00478EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/07/29 7:42 p.m.5 views

grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow

A flaw was found in grub2. An expected font value is not verified before proceeding with buffer allocations allowing an attacker to use a malicious font file to create an arithmetic overflow, zero-sized allocation, and further heap-based buffer overflow. The highest threat from this vulnerability...

6CVSS7.6AI score0.00478EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/29 6:34 p.m.4 views

grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow

A flaw was found in grub2. An expected font value is not verified before proceeding with buffer allocations allowing an attacker to use a malicious font file to create an arithmetic overflow, zero-sized allocation, and further heap-based buffer overflow. The highest threat from this vulnerability...

6CVSS7.6AI score0.00478EPSS
Exploits0References4
OSV
OSV
added 2020/07/29 5:0 p.m.1 views

UBUNTU-CVE-2020-14310

There is an issue on grub2 before version 2.06 at function readsectionasstring. It expects a font name to be at max UINT32MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a...

6CVSS7.2AI score0.00478EPSS
Exploits0References7
Rows per page
Query Builder