Updated: 2023-08-25 20:01:59.124062
Description:
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0 | |
| CVSS Version 3.x | CRITICAL | 9.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 7 ELS | grub2 | 2.02 | 9.8 | CRITICAL | Already Fixed | 2023-09-20 09:33:22 | |
| CentOS 8.4 ELS | grub2 | 2.02 | 9.8 | CRITICAL | Released | CLSA-2022:1669388927 | 2022-11-25 10:21:54 |
| CentOS 8.5 ELS | grub2 | 2.02 | 9.8 | CRITICAL | Released | CLSA-2022:1669390018 | 2022-11-25 13:21:57 |