Heap-based Buffer Overflow in GRUB2 Affecting Multiple Distributions
CVE-2020-14309
6.7MEDIUM
What is CVE-2020-14309?
A vulnerability in GRUB2 affects all versions before 2.06, specifically when processing squashfs filesystems containing symbolic links that have a name length of UINT32 bytes. This leads to an arithmetic overflow that can cause a zero-size allocation, eventually resulting in a heap-based buffer overflow that may be exploited by attackers to execute arbitrary code or compromise system integrity.
Affected Version(s)
Grub All grub2 versions before 2.06