Описание
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.
A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a malicious set of HTTP packages making grub2 corrupt its internal memory metadata structure. This leads to data integrity and confidentiality issues or forces grub to crash, resulting in a denial of service attack.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | grub2 | Out of support scope | ||
| Red Hat Enterprise Linux 8 | grub2 | Fixed | RHSA-2022:5095 | 16.06.2022 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | grub2 | Fixed | RHSA-2022:5098 | 16.06.2022 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | grub2 | Fixed | RHSA-2022:5100 | 16.06.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | grub2 | Fixed | RHSA-2022:5096 | 16.06.2022 |
| Red Hat Enterprise Linux 9 | grub2 | Fixed | RHSA-2022:5099 | 16.06.2022 |
Показывать по
Дополнительная информация
Статус:
7 High
CVSS3
Связанные уязвимости
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.
Out-of-bounds write when handling split HTTP headers; When handling sp ...
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.
7 High
CVSS3