CVE-2021-20225
Published: 2021-03-03
Severity: medium, 6.7 (CVSS 3.1)
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Affected
27 ranges (showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | grub2 | < grub2 2.04-16 (bookworm) | grub2 2.04-16 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| gnu | grub2 | < 2.06 | 2.06 |
| gnu | grub2 | — | — |
| gnu | grub2 | >= 0 < 2.04-16 | 2.04-16 |
| gnu | grub2 | >= 0 < 2.04-16 | 2.04-16 |
| gnu | grub2 | >= 0 < 2.04-16 | 2.04-16 |
| gnu | grub2 | >= 0 < 2.04-16 | 2.04-16 |
| msrc | azl3_grub2_2.06-26_on_azure_linux_3.0 | — | — |
| msrc | cbl2_grub2_2.06rc1-7_on_cbl_mariner_2.0 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 7.5 | HIGH | — |