CVE-2021-20233

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-20233

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20233.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-20233

Downstream

ALPINE-CVE-2021-20233

DEBIAN-CVE-2021-20233

DSA-4867-1

OESA-2021-1095

RHSA-2021:0696

RHSA-2021:0697

RHSA-2021:0698

RHSA-2021:0699

RHSA-2021:0700

RHSA-2021:0701

RHSA-2021:0702

RHSA-2021:0703

RHSA-2021:0704

RHSA-2021:1734

RHSA-2021:2566

RHSA-2021:2790

RHSA-2021:3675

SUSE-SU-2021:0679-1

SUSE-SU-2021:0681-1

SUSE-SU-2021:0682-1

SUSE-SU-2021:0683-1

SUSE-SU-2021:0684-1

SUSE-SU-2021:0685-1

SUSE-SU-2021:14659-1

UBUNTU-CVE-2021-20233

USN-4992-1

openSUSE-SU-2021:0462-1

openSUSE-SU-2024:10824-1

Related

Published

2021-03-03T17:15:12Z

Modified

2025-08-09T19:01:28Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

Affected packages