CVE-2020-14309

CWE-190Integer OverflowCWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow10 documents9 sources
Severity
6.7MEDIUM
EPSS
0.0%
top 86.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU Grub2Opensuse Leap
Timeline
PublishedJul 30
Latest updateMay 24

Description

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages4 packages

NVDgnu/grub2< 2.06
Debiangrub2< 2.04-9+3
CVEListV5grubAll grub2 versions before 2.06
NVDopensuse/leap15.1, 15.2+1

🔴Vulnerability Details

3
GHSA
GHSA-8whj-mpcj-4jv6: There's an issue with grub2 in all versions before 22022-05-24
OSV
CVE-2020-14309: There's an issue with grub2 in all versions before 22020-07-30
CVEList
CVE-2020-14309: There's an issue with grub2 in all versions before 22020-07-30

📋Vendor Advisories

4
Ubuntu
GRUB 2 vulnerabilities2020-07-29
Red Hat
grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow2020-07-29
Microsoft
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic ove2020-07-14
Debian
CVE-2020-14309: grub2 - There's an issue with grub2 in all versions before 2.06 when handling squashfs f...2020

💬Community

2
Bugzilla
CVE-2020-14309 grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow [fedora-all]2020-08-03
Bugzilla
CVE-2020-14309 grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow2020-06-29
CVE-2020-14309 (MEDIUM CVSS 6.7) | There's an issue with grub2 in all | cvebase.io