Out-of-bounds write when handling split HTTP headers
CVE-2022-28734
8.1HIGH
What is CVE-2022-28734?
An out-of-bounds write vulnerability exists in the GRUB2 bootloader when it processes split HTTP headers. This flaw is due to the misalignment of the internal data buffer pointer, resulting in potential memory corruption. An attacker can exploit this vulnerability through crafted HTTP requests, leading to unintended modifications in GRUB2's internal memory metadata. Such exploitation can compromise the stability and security of systems reliant on GRUB2 for boot functionality.
Affected Version(s)
GNU GRUB Linux 0 < 2.06-3