exploitDog

CVE-2024-45777

Published: 18 Feb 2025
Source: redhat
CVSS3: 6.7
EPSS: Low

Description

A flaw was found in grub2. The calculation of the translation buffer size when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to an out-of-bounds write. An attacker can leverage this issue to overwrite grub2's sensitive heap data, eventually leading to the circumvention of Secure Boot protections.

Report

The Red Hat Product Security team has rated this vulnerability with a Moderate severity due to the high privileges required to exploit this flaw.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 10 | grub2 | Fix deferred | | |
| Red Hat Enterprise Linux 7 | grub2 | Out of support scope | | |
| Red Hat Enterprise Linux 8 | grub2 | Out of support scope | | |
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred | | |
| Red Hat Enterprise Linux 9 | grub2 | Fixed | RHSA-2025:20532 | 11.11.2025 |

Additional information

Status: Moderate
Defect: CWE-787
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2346343 (grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write.)

EPSS

Percentile: 12%
0.00039
Low

CVSS3: 6.7 Medium

Related vulnerabilities

CVSS3: 6.7
ubuntu
about 1 year ago

A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to an out-of-bounds write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.

CVSS3: 6.7
nvd
about 1 year ago

A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to an out-of-bounds write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.

CVSS3: 6.7
msrc
7 months ago

Grub2: grub-core/gettext: integer overflow leads to heap oob write.

CVSS3: 6.7
debian
about 1 year ago

A flaw was found in grub2. The calculation of the translation buffer w ...

CVSS3: 6.7
github
about 1 year ago

A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to an out-of-bounds write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.
