Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-45780

Опубликовано: 03 мар. 2025
Источник: ubuntu
Приоритет: medium
CVSS3: 6.7

Описание

A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.

РелизСтатусПримечание
devel

not-affected

does not affect Secure Boot
esm-infra-legacy/trusty

ignored

update incompatible with kernel
esm-infra/bionic

not-affected

does not affect Secure Boot
esm-infra/focal

not-affected

does not affect Secure Boot
esm-infra/xenial

not-affected

does not affect Secure Boot
focal

not-affected

does not affect Secure Boot
jammy

not-affected

does not affect Secure Boot
noble

not-affected

does not affect Secure Boot
oracular

not-affected

does not affect Secure Boot
plucky

not-affected

does not affect Secure Boot

Показывать по

РелизСтатусПримечание
devel

needs-triage

esm-infra-legacy/trusty

ignored

update incompatible with kernel
esm-infra/bionic

needs-triage

esm-infra/focal

needs-triage

esm-infra/xenial

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

needs-triage

noble

needs-triage

oracular

ignored

end of life, was needs-triage
plucky

needs-triage

Показывать по

РелизСтатусПримечание
devel

needs-triage

esm-infra/bionic

needs-triage

esm-infra/focal

needs-triage

esm-infra/xenial

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

needs-triage

noble

needs-triage

oracular

ignored

end of life, was needs-triage
plucky

needs-triage

upstream

needs-triage

Показывать по

Ссылки на источники

6.7 Medium

CVSS3

Связанные уязвимости

CVSS3: 6.7
redhat
6 месяцев назад

A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.

CVSS3: 6.7
nvd
5 месяцев назад

A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.

CVSS3: 6.7
debian
5 месяцев назад

A flaw was found in grub2. When reading tar files, grub2 allocates an ...

CVSS3: 6.7
github
5 месяцев назад

A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.

CVSS3: 6.7
fstec
6 месяцев назад

Уязвимость компонента tar Handler загрузчика операционных систем Grub2, позволяющая нарушителю обойти механизм безопасной загрузки

6.7 Medium

CVSS3