CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14308 – grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2020-14308
28 Jul 2020 — In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process. En grub2 versiones anteriores a 2.06, el asignador de memoria grub no comprueba posibles desbordamientos aritméticos en el tamaño de asignación solicitada. Esto conlleva a la función a devolve... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 1CVE-2020-10713 – grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process
https://notcve.org/view.php?id=CVE-2020-10713
28 Jul 2020 — A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string t... • https://github.com/eclypsium/BootHole • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14309 – grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2020-14309
28 Jul 2020 — There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. Se presenta un problema con grub2 en todas las versiones anteriores a 2.06, cuando se manejan sistemas de archivos squashfs que contienen un enlace simbólico con una longitud de nombre de UINT32 b... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2020-15706 – GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.
https://notcve.org/view.php?id=CVE-2020-15706
28 Jul 2020 — GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. GRUB2 contiene una condición de carrera en la función grub_script_function_create() que conlleva a una vulnerabilidad de uso de la memoria previamente liberada la cual puede ser de... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14311 – grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2020-14311
28 Jul 2020 — There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. Se presenta un problema con grub2 versiones anteriores a 2.06, mientras se maneja un symlink en los sistemas de archivos ext. Un sistema de archivos que contiene un enlace simbólico con un tamaño de inode de UINT32_MAX causa un des... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14310 – grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2020-14310
28 Jul 2020 — There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. Se presenta un problema en grub2 ve... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 3CVE-2020-15807
https://notcve.org/view.php?id=CVE-2020-15807
17 Jul 2020 — GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files. GNU LibreDWG versiones anteriores a 0.11, permite una desreferencia de puntero NULL por medio de archivos de entrada diseñados • https://github.com/LibreDWG/libredwg/issues/186 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-20909
https://notcve.org/view.php?id=CVE-2019-20909
16 Jul 2020 — An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec. Se detectó un problema en GNU LibreDWG versiones hasta 0.9.3. Se presenta una desreferencia del puntero NULL en la función dwg_encode_LWPOLYLINE en el archivo dwg.spec • https://github.com/LibreDWG/libredwg/commit/d7913b893bfa98fab27f05825dc4cab2d3a20c83 • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-20910
https://notcve.org/view.php?id=CVE-2019-20910
16 Jul 2020 — An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011. Se detectó un problema en GNU LibreDWG versiones hasta 0.9.3. Una entrada diseñada conllevará a una lectura excesiva de búfer en la región heap de la memoria en la función decode_R13_R2000 en el archivo decode.c, una vulnerabilidad diferente a CVE-2019-20011 • https://github.com/LibreDWG/libredwg/commit/f878ba67b638f0d5050b6dba61b9737f64fc53de • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-20911
https://notcve.org/view.php?id=CVE-2019-20911
16 Jul 2020 — An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop. Se detectó un problema en GNU LibreDWG versiones hasta 0.9.3. Una entrada diseñada conllevará a una denegación de servicio en la función bit_calc_CRC en el archivo bits.c, relacionado con un bucle for • https://github.com/LibreDWG/libredwg/commit/c6f6668b82bfe595899cc820279ac37bb9ef16f5 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •