Количество 20
Количество 20
CVE-2020-14310
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.
CVE-2020-14310
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.
CVE-2020-14310
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.
CVE-2020-14310
There is an issue on grub2 before version 2.06 at function read_sectio ...
GHSA-849w-6cw8-9p7m
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.
BDU:2020-03969
Уязвимость реализации функции read_section_as_string() загрузчика операционных систем Grub2, позволяющая нарушителю оказать влияние на целостность данных или вызвать отказ в обслуживании
openSUSE-SU-2020:1169-1
Security update for grub2
openSUSE-SU-2020:1168-1
Security update for grub2
SUSE-SU-2020:2079-1
Security update for grub2
SUSE-SU-2020:2078-1
Security update for grub2
SUSE-SU-2020:2077-1
Security update for grub2
SUSE-SU-2020:2076-1
Security update for grub2
SUSE-SU-2020:2074-1
Security update for grub2
SUSE-SU-2020:2073-1
Security update for grub2
SUSE-SU-2020:14440-1
Security update for grub2
ELSA-2020-5790
ELSA-2020-5790: grub2 security update (IMPORTANT)
ELSA-2020-5786
ELSA-2020-5786: grub2 security update (IMPORTANT)
ELSA-2020-5782
ELSA-2020-5782: grub2 security update (IMPORTANT)
ADV200011
Microsoft Guidance for Addressing Security Feature Bypass in GRUB
ROS-20220920-01
Множественные уязвимости GRUB
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-14310 There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. | CVSS3: 5.7 | 0% Низкий | почти 5 лет назад |
 | CVE-2020-14310 There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. | CVSS3: 5.7 | 0% Низкий | почти 5 лет назад |
 | CVE-2020-14310 There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. | CVSS3: 5.7 | 0% Низкий | почти 5 лет назад |
| CVE-2020-14310 There is an issue on grub2 before version 2.06 at function read_sectio ... | CVSS3: 5.7 | 0% Низкий | почти 5 лет назад |
| GHSA-849w-6cw8-9p7m There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. | 0% Низкий | около 3 лет назад | |
 | BDU:2020-03969 Уязвимость реализации функции read_section_as_string() загрузчика операционных систем Grub2, позволяющая нарушителю оказать влияние на целостность данных или вызвать отказ в обслуживании | CVSS3: 5.1 | 0% Низкий | почти 5 лет назад |
 | openSUSE-SU-2020:1169-1 Security update for grub2 | почти 5 лет назад | ||
| openSUSE-SU-2020:1168-1 Security update for grub2 | почти 5 лет назад | ||
| SUSE-SU-2020:2079-1 Security update for grub2 | почти 5 лет назад | ||
| SUSE-SU-2020:2078-1 Security update for grub2 | почти 5 лет назад | ||
| SUSE-SU-2020:2077-1 Security update for grub2 | почти 5 лет назад | ||
| SUSE-SU-2020:2076-1 Security update for grub2 | почти 5 лет назад | ||
| SUSE-SU-2020:2074-1 Security update for grub2 | почти 5 лет назад | ||
| SUSE-SU-2020:2073-1 Security update for grub2 | почти 5 лет назад | ||
| SUSE-SU-2020:14440-1 Security update for grub2 | почти 5 лет назад | ||
| ELSA-2020-5790 ELSA-2020-5790: grub2 security update (IMPORTANT) | почти 5 лет назад | ||
| ELSA-2020-5786 ELSA-2020-5786: grub2 security update (IMPORTANT) | почти 5 лет назад | ||
| ELSA-2020-5782 ELSA-2020-5782: grub2 security update (IMPORTANT) | почти 5 лет назад | ||
 | ADV200011 Microsoft Guidance for Addressing Security Feature Bypass in GRUB | почти 4 года назад | ||
 | ROS-20220920-01 Множественные уязвимости GRUB | почти 3 года назад |
Уязвимостей на страницу