Описание
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.02~beta2-33 |
| esm-infra-legacy/trusty | not-affected | 2.02~beta2-9ubuntu1.6 |
| precise | released | 1.99-21ubuntu3.19 |
| trusty | released | 2.02~beta2-9ubuntu1.6 |
| trusty/esm | not-affected | 2.02~beta2-9ubuntu1.6 |
| upstream | needed | |
| vivid | released | 2.02~beta2-22ubuntu1.4 |
| wily | released | 2.02~beta2-29ubuntu0.2 |
Показывать по
EPSS
6.9 Medium
CVSS2
7.4 High
CVSS3
Связанные уязвимости
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
Multiple integer underflows in Grub2 1.98 through 2.02 allow physicall ...
EPSS
6.9 Medium
CVSS2
7.4 High
CVSS3