CVE-2015-8370

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2015-8370

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-8370.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2015-8370

Related

Published

2015-12-16T21:59:04Z

Modified

2024-10-21T17:35:14Z

Summary

[none]

Details

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grubusernameget function in grub-core/normal/auth.c or the (2) grubpasswordget function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.

References

Affected packages

Debian:11 / grub2

Package

Name: grub2
Purl: pkg:deb/debian/grub2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.02~beta2-33

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / grub2

Package

Name: grub2
Purl: pkg:deb/debian/grub2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.02~beta2-33

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / grub2

Package

Name: grub2
Purl: pkg:deb/debian/grub2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.02~beta2-33

Ecosystem specific

{
    "urgency": "not yet assigned"
}