Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-45776

Опубликовано: 18 фев. 2025
Источник: redhat
CVSS3: 6.7
EPSS Низкий

Описание

When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7grub2Not affected
Red Hat Enterprise Linux 8grub2Not affected
Red Hat OpenShift Container Platform 4rhcosFix deferred
Red Hat Enterprise Linux 10grub2FixedRHSA-2025:1615418.09.2025
Red Hat Enterprise Linux 9grub2FixedRHSA-2025:699013.05.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2339182grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read.

EPSS

Процентиль: 22%
0.00072
Низкий

6.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-45776

CVSS3: 6.7
ubuntu
около 1 года назад

When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.

nvd логотип

CVE-2024-45776

CVSS3: 6.7
nvd
около 1 года назад

When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.

msrc логотип

CVE-2024-45776

CVSS3: 6.7
msrc
7 месяцев назад

Grub2: grub-core/gettext: integer overflow leads to heap oob write and read.

debian логотип

CVE-2024-45776

CVSS3: 6.7
debian
около 1 года назад

When reading the language .mo file in grub_mofile_open(), grub2 fails ...

github логотип

GHSA-8852-57vj-5pjq

CVSS3: 6.7
github
около 1 года назад

When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.

EPSS

Процентиль: 22%
0.00072
Низкий

6.7 Medium

CVSS3