A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Se encontró un fallo en grub2 en versiones anteriores a 2.06. La función Setparam_prefix() en el código de renderización del menú lleva a cabo un cálculo de longitud asumiendo que expresar una comilla simple entre comillas requerirá 3 caracteres, mientras que actualmente requiere 4 caracteres, lo que permite a un atacante corromper la memoria por un byte para cada comilla en la entrada. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, así como la disponibilidad del sistema
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | HIGH |
| User Interaction | NONE |
| Scope | CHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
AV:L/AC:L/Au:N/C:C/I:C/A:C
| Access Vector | LOCAL |
|---|---|
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | COMPLETE |
| Integrity Impact | COMPLETE |
| Availability Impact | COMPLETE |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-787
|
| [email protected] | Primary |
en
CWE-787
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| gnu | grub2 | * | <built-in method update of dict object at 0x72a963c6be40> | Application |
| redhat | enterprise_linux | 7.0 | <built-in method update of dict object at 0x72a9cd08cc00> | Operating System |
| redhat | enterprise_linux | 8.0 | <built-in method update of dict object at 0x72a9cd08dbc0> | Operating System |
| redhat | enterprise_linux_server_aus | 7.2 | <built-in method update of dict object at 0x72a963c69f80> | Operating System |
| redhat | enterprise_linux_server_aus | 7.3 | <built-in method update of dict object at 0x72a963c68c40> | Operating System |
| redhat | enterprise_linux_server_aus | 7.4 | <built-in method update of dict object at 0x72a963c6b540> | Operating System |
| redhat | enterprise_linux_server_aus | 7.6 | <built-in method update of dict object at 0x72a9cd08f040> | Operating System |
| redhat | enterprise_linux_server_aus | 7.7 | <built-in method update of dict object at 0x72a9cd08c880> | Operating System |
| redhat | enterprise_linux_server_aus | 8.2 | <built-in method update of dict object at 0x72a961eca580> | Operating System |
| redhat | enterprise_linux_server_eus | 7.6 | <built-in method update of dict object at 0x72a963c6bb00> | Operating System |
| redhat | enterprise_linux_server_eus | 7.7 | <built-in method update of dict object at 0x72a961ecac00> | Operating System |
| redhat | enterprise_linux_server_eus | 8.1 | <built-in method update of dict object at 0x72a9cd08f280> | Operating System |
| redhat | enterprise_linux_server_tus | 7.4 | <built-in method update of dict object at 0x72a961ecb240> | Operating System |
| redhat | enterprise_linux_server_tus | 7.6 | <built-in method update of dict object at 0x72a963c68500> | Operating System |
| redhat | enterprise_linux_server_tus | 7.7 | <built-in method update of dict object at 0x72a9cd08d4c0> | Operating System |
| redhat | enterprise_linux_server_tus | 8.2 | <built-in method update of dict object at 0x72a961ecb0c0> | Operating System |
| redhat | enterprise_linux_workstation | 7.0 | <built-in method update of dict object at 0x72a9cd08e180> | Operating System |
| fedoraproject | fedora | 33 | <built-in method update of dict object at 0x72a9cd08d700> | Operating System |
| fedoraproject | fedora | 34 | <built-in method update of dict object at 0x72a961ec9c00> | Operating System |
| netapp | ontap_select_deploy_administration_utility | - | <built-in method update of dict object at 0x72a999778840> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_eus:8.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* |