ALPINE-CVE-2020-14310

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2020-14310

Import Source

https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2020-14310.json

JSON Data

https://api.osv.dev/v1/vulns/ALPINE-CVE-2020-14310

Upstream

CVE-2020-14310

Published

2020-07-31T22:15:11Z

Modified

2025-09-30T05:17:33.895444Z

Severity

6.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

There is an issue on grub2 before version 2.06 at function readsectionasstring(). It expects a font name to be at max UINT32MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32MAX, leading to readsectionasstring() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.

References

https://security.alpinelinux.org/vuln/CVE-2020-14310

Affected packages

Alpine:v3.17

grub

Package

Name: grub
Purl: pkg:apk/alpine/grub?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-r0

Affected versions

2.*

2.02_beta3-r0

2.02_beta3-r1

2.02_beta3-r2

2.02_beta3-r3

2.02_beta3-r4

2.02_beta3-r5

2.02_beta3-r6

2.02_beta3-r7

2.02-r0

2.02-r1

2.02-r2

2.02-r3

2.02-r4

2.02-r5

2.02-r6

2.02-r7

2.02-r8

2.02-r9

2.02-r10

2.02-r11

2.02-r12

2.02-r13

2.02-r14

2.02-r15

2.02-r16

2.02-r17

2.02-r18

2.02-r19

2.02-r20

2.04-r0

2.04-r1

2.04-r2

2.04-r3

Alpine:v3.18

grub

Package

Name: grub
Purl: pkg:apk/alpine/grub?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-r0

Affected versions

2.*

2.02_beta3-r0

2.02_beta3-r1

2.02_beta3-r2

2.02_beta3-r3

2.02_beta3-r4

2.02_beta3-r5

2.02_beta3-r6

2.02_beta3-r7

2.02-r0

2.02-r1

2.02-r2

2.02-r3

2.02-r4

2.02-r5

2.02-r6

2.02-r7

2.02-r8

2.02-r9

2.02-r10

2.02-r11

2.02-r12

2.02-r13

2.02-r14

2.02-r15

2.02-r16

2.02-r17

2.02-r18

2.02-r19

2.02-r20

2.04-r0

2.04-r1

2.04-r2

2.04-r3

Alpine:v3.19

grub

Package

Name: grub
Purl: pkg:apk/alpine/grub?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-r0

Affected versions

2.*

2.02_beta3-r0

2.02_beta3-r1

2.02_beta3-r2

2.02_beta3-r3

2.02_beta3-r4

2.02_beta3-r5

2.02_beta3-r6

2.02_beta3-r7

2.02-r0

2.02-r1

2.02-r2

2.02-r3

2.02-r4

2.02-r5

2.02-r6

2.02-r7

2.02-r8

2.02-r9

2.02-r10

2.02-r11

2.02-r12

2.02-r13

2.02-r14

2.02-r15

2.02-r16

2.02-r17

2.02-r18

2.02-r19

2.02-r20

2.04-r0

2.04-r1

2.04-r2

2.04-r3

Alpine:v3.20

grub

Package

Name: grub
Purl: pkg:apk/alpine/grub?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-r0

Affected versions

2.*

2.02_beta3-r0

2.02_beta3-r1

2.02_beta3-r2

2.02_beta3-r3

2.02_beta3-r4

2.02_beta3-r5

2.02_beta3-r6

2.02_beta3-r7

2.02-r0

2.02-r1

2.02-r2

2.02-r3

2.02-r4

2.02-r5

2.02-r6

2.02-r7

2.02-r8

2.02-r9

2.02-r10

2.02-r11

2.02-r12

2.02-r13

2.02-r14

2.02-r15

2.02-r16

2.02-r17

2.02-r18

2.02-r19

2.02-r20

2.04-r0

2.04-r1

2.04-r2

2.04-r3

Alpine:v3.21

grub

Package

Name: grub
Purl: pkg:apk/alpine/grub?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-r0

Affected versions

2.*

2.02_beta3-r0

2.02_beta3-r1

2.02_beta3-r2

2.02_beta3-r3

2.02_beta3-r4

2.02_beta3-r5

2.02_beta3-r6

2.02_beta3-r7

2.02-r0

2.02-r1

2.02-r2

2.02-r3

2.02-r4

2.02-r5

2.02-r6

2.02-r7

2.02-r8

2.02-r9

2.02-r10

2.02-r11

2.02-r12

2.02-r13

2.02-r14

2.02-r15

2.02-r16

2.02-r17

2.02-r18

2.02-r19

2.02-r20

2.04-r0

2.04-r1

2.04-r2

2.04-r3

Alpine:v3.22

grub

Package

Name: grub
Purl: pkg:apk/alpine/grub?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-r0

Affected versions

2.*

2.02_beta3-r0

2.02_beta3-r1

2.02_beta3-r2

2.02_beta3-r3

2.02_beta3-r4

2.02_beta3-r5

2.02_beta3-r6

2.02_beta3-r7

2.02-r0

2.02-r1

2.02-r2

2.02-r3

2.02-r4

2.02-r5

2.02-r6

2.02-r7

2.02-r8

2.02-r9

2.02-r10

2.02-r11

2.02-r12

2.02-r13

2.02-r14

2.02-r15

2.02-r16

2.02-r17

2.02-r18

2.02-r19

2.02-r20

2.04-r0

2.04-r1

2.04-r2

2.04-r3