Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-56737

Опубликовано: 29 дек. 2024
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.

A flaw was found in the HFS file system driver in grub2. This issue allows a local attacker to trigger a heap-based buffer overflow via a specially crafted sblock in a malicious HFS file system, causing memory corruption, unexpected behavior, and denial of service.

Отчет

To exploit this flaw, an attacker needs to trick a user into running grub2 with a specially crafted HFS file system image, limiting the exposure of this flaw. For this reason, this vulnerability has been rated with a Moderate severity. The grub2 package as shipped in Red Hat Enterprise Linux 7, 8, 9 and in Red Hat OpenShift Container Platform 4 is not affected by this vulnerability because the HFS module is not built, so this issue is not applicable.

Меры по смягчению последствий

Do not run grub2 in an untrusted environment, specifically with a HFS file system image.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10grub2Not affected
Red Hat Enterprise Linux 7grub2Not affected
Red Hat Enterprise Linux 8grub2Not affected
Red Hat Enterprise Linux 9grub2Not affected
Red Hat OpenShift Container Platform 4rhcosNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2334772grub2: heap-based buffer overflow

EPSS

Процентиль: 28%
0.001
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-56737

CVSS3: 8.8
ubuntu
8 месяцев назад

GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.

nvd логотип

CVE-2024-56737

CVSS3: 8.8
nvd
8 месяцев назад

GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.

debian логотип

CVE-2024-56737

CVSS3: 8.8
debian
8 месяцев назад

GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in ...

github логотип

GHSA-9vr3-263w-c6mj

CVSS3: 8.8
github
8 месяцев назад

GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.

fstec логотип

BDU:2025-00028

CVSS3: 8.8
fstec
8 месяцев назад

Уязвимость компонента HFS File System Handler загрузчика операционных систем Grub (Grub2), позволяющая нарушителю оказать влияние на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 28%
0.001
Низкий

7.8 High

CVSS3