Heap-Based Buffer Overflow in GNU GRUB2 Affected by Malicious HFS Filesystem Data
CVE-2024-56737

8.8HIGH

Key Information:

Vendor: Gnu
Status: Grub2
Vendor: CVE Published:; 29 December 2024

Summary

A vulnerability exists in GNU GRUB2 (version 2.12) that is triggered by a heap-based buffer overflow. This flaw can be exploited if an attacker uses specially crafted sblock data within an HFS filesystem. Such an exploitation may lead to unauthorized access or corruption of memory, impacting the stability and security of systems utilizing this bootloader. Addressing this issue promptly is crucial for maintaining system integrity and protecting against potential threats.

Affected Version(s)

GRUB2 2.00 <= 2.12

References

https://savannah.gnu.org/bugs/?66599

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 29, 2024
Vulnerability Reserved
Dec 29, 2024