CVE-2021-3696
grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
Severity Score
4.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
Puede producirse una escritura fuera de límites de la pila durante el manejo de las tablas Huffman en el lector PNG. Esto puede conllevar a una corrupción de datos en el espacio de la pila. El impacto en la confidencialidad, integridad y disponibilidad puede considerarse bajo ya que es muy complejo que un atacante controle la codificación y el posicionamiento de las entradas Huffman corruptas para conseguir resultados como la ejecución de código arbitrario y/o la omisión del arranque seguro. Este fallo afecta a grub2 versiones anteriores a grub-2.12
A flaw was found in grub2 when handling a PNG image header. When decoding the data contained in the Huffman table at the PNG file header, an out-of-bounds write may happen on grub's heap.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-08-10 CVE Reserved
- 2022-06-20 CVE Published
- 2024-01-27 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20220930-0001 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1991686 | 2022-06-16 | |
| https://security.gentoo.org/glsa/202209-12 | 2023-09-13 | |
| https://access.redhat.com/security/cve/CVE-2021-3696 | 2022-06-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 4.6 Search vendor "Redhat" for product "Openshift Container Platform" and version "4.6" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 4.9 Search vendor "Redhat" for product "Openshift Container Platform" and version "4.9" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 4.10 Search vendor "Redhat" for product "Openshift Container Platform" and version "4.10" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Codeready Linux Builder Search vendor "Redhat" for product "Codeready Linux Builder" | - | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Codeready Linux Builder Search vendor "Redhat" for product "Codeready Linux Builder" | - | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Codeready Linux Builder Search vendor "Redhat" for product "Codeready Linux Builder" | - | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.2 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.2" | - |
Safe
|
| Redhat Search vendor "Redhat" | Codeready Linux Builder Search vendor "Redhat" for product "Codeready Linux Builder" | - | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.4 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.4" | - |
Safe
|
| Redhat Search vendor "Redhat" | Codeready Linux Builder Search vendor "Redhat" for product "Codeready Linux Builder" | - | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.6" | - |
Safe
|
| Redhat Search vendor "Redhat" | Codeready Linux Builder Search vendor "Redhat" for product "Codeready Linux Builder" | - | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 9.0 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "9.0" | - |
Safe
|
| Gnu Search vendor "Gnu" | Grub2 Search vendor "Gnu" for product "Grub2" | >= 2.00 < 2.12 Search vendor "Gnu" for product "Grub2" and version " >= 2.00 < 2.12" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Developer Tools Search vendor "Redhat" for product "Developer Tools" | 1.0 Search vendor "Redhat" for product "Developer Tools" and version "1.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openshift Search vendor "Redhat" for product "Openshift" | 3.0 Search vendor "Redhat" for product "Openshift" and version "3.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.1 Search vendor "Redhat" for product "Enterprise Linux" and version "8.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.4 Search vendor "Redhat" for product "Enterprise Linux" and version "8.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.2 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.4 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 9.0 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "9.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" | 8.0 Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" | 9.0 Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" and version "9.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" | 8.2 Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" | 8.4 Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "8.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" | 8.6 Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "8.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" | 9.0 Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "9.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 8.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 8.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 8.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" | 8.1 Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" and version "8.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" | 8.2 Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" and version "8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" | 8.4 Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" and version "8.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" | 8.6 Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" and version "8.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" | 9.0 Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" and version "9.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 8.2 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 8.4 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 8.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.6" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Ontap Select Deploy Administration Utility Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility" | - | - |
Affected
| ||||||