CVE-2020-14310

CWE-122 — Heap-based Buffer Overflow CWE-190 — Integer Overflow10 documents9 sources

Severity

6.0MEDIUM

EPSS

0.1%

top 83.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Grub2 THE Grub2 Project Grub2 Canonical Ubuntu Linux +5 more

Timeline

PublishedJul 31

Latest updateMay 24

Description

There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 0.5 | Impact: 5.2

Affected Packages4 packages

▶NVDgnu/grub2< 2.06

▶Debiangrub2< 2.04-9+3

▶CVEListV5the_grub2_project/grub22.06

▶NVDopensuse/leap15.1, 15.2+1

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 20.04, Enterprise Linux 7.0, 8.0, 8.1, 8.2

🔴Vulnerability Details

GHSA

GHSA-849w-6cw8-9p7m: There is an issue on grub2 before version 2↗2022-05-24

▶

CVEList

CVE-2020-14310: There is an issue on grub2 before version 2↗2020-07-31

▶

OSV

CVE-2020-14310: There is an issue on grub2 before version 2↗2020-07-31

▶

📋Vendor Advisories

Red Hat

grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow↗2020-07-29

▶

Ubuntu

GRUB 2 vulnerabilities↗2020-07-29

▶

Microsoft

▶

Debian

CVE-2020-14310: grub2 - There is an issue on grub2 before version 2.06 at function read_section_as_strin...↗2020

▶

💬Community

Bugzilla

CVE-2020-14310 grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow [fedora-all]↗2020-08-03

▶

Bugzilla

CVE-2020-14310 grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow↗2020-06-29

▶