CVE-2022-3775 — Out-of-bounds Write in Grub2
Severity
7.1HIGHNVD
EPSS
0.1%
top 76.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 19
Latest updateAug 13
Description
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2
🔴Vulnerability Details
3CVEList▶
CVE-2022-3775: When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bit↗2022-12-19
OSV▶
CVE-2022-3775: When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bit↗2022-12-19
GHSA▶
GHSA-8h84-vmjf-pcmj: When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bit↗2022-12-19
📋Vendor Advisories
5Microsoft▶
Redhat: CVE-2022-3775 grub2 - Heap based out-of-bounds write when rendering certain Unicode sequences↗2024-08-13
Microsoft▶
CVE-2022-3775: FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One↗2022-12-13
Debian▶
CVE-2022-3775: grub2 - When rendering certain unicode sequences, grub2's font code doesn't proper valid...↗2022