CVE-2021-3695 — Out-of-bounds Write in Grub2
Severity
4.5MEDIUMNVD
EPSS
0.1%
top 81.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 6
Latest updateSep 8
Description
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. …
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.0 | Impact: 3.4
Affected Packages6 packages
Also affects: Fedora 36, Enterprise Linux 8.0, 8.1, 8.4, 9.0, 8.2, 8.6, Openshift Container Platform 4.10, 4.6, 4.9
🔴Vulnerability Details
4GHSA▶
GHSA-xjhh-w3rj-8mxm: A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area↗2022-07-07
CVEList▶
CVE-2021-3695: A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area↗2022-07-06
OSV▶
CVE-2021-3695: A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area↗2022-07-06
📋Vendor Advisories
4Microsoft▶
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and↗2022-07-12
Debian▶
CVE-2021-3695: grub2 - A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the he...↗2021