CVE-2020-27749

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-27749

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27749.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-27749

Downstream

ALPINE-CVE-2020-27749

DEBIAN-CVE-2020-27749

DSA-4867-1

OESA-2021-1095

RHSA-2021:0696

RHSA-2021:0697

RHSA-2021:0698

RHSA-2021:0699

RHSA-2021:0700

RHSA-2021:0701

RHSA-2021:0702

RHSA-2021:0703

RHSA-2021:0704

RHSA-2021:1734

RHSA-2021:2566

RHSA-2021:2790

RHSA-2021:3675

SUSE-SU-2021:0679-1

SUSE-SU-2021:0681-1

SUSE-SU-2021:0682-1

SUSE-SU-2021:0683-1

SUSE-SU-2021:0684-1

SUSE-SU-2021:0685-1

SUSE-SU-2021:14659-1

UBUNTU-CVE-2020-27749

USN-4992-1

openSUSE-SU-2021:0462-1

openSUSE-SU-2024:10824-1

Related

Published

2021-03-03T17:15:11Z

Modified

2025-08-09T19:01:27Z

Severity

6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

Affected packages