CVE-2022-3775

7.1HIGH

Key Information

Vendor: Gnu
Status: Grub2
Vendor: CVE Published:; 19 December 2022

Summary

When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.

Affected Version(s)

grub2 = All up to 2.06

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Dec 19, 2022
Vulnerability Reserved.
Oct 31, 2022

Collectors

NVD DatabaseMitre DatabaseGnu Feed