CVE-2022-28733

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-28733

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-28733.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-28733

Related

Published

2023-07-20T01:15:10Z

Modified

2024-09-18T03:17:44.330986Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Integer underflow in grubnetrecvip4packets; A malicious crafted IP packet can lead to an integer underflow in grubnetrecvip4packets() function on rsm->totallen value. Under certain circumstances the totallen value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.

References

Affected packages

Debian:11 / grub2

Package

Name: grub2
Purl: pkg:deb/debian/grub2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-3~deb11u1

Affected versions

2.*

2.04-20

2.06-1

2.06-2

2.06-2+hurd.1

2.06-2+hurd.2

2.06-2+hurd.3

2.06-2+hurd.4

2.06-2+hurd.5

2.06-2+hurd.6

2.06-2+hurd.7

2.06-2+hurd.8

2.06-3~deb10u1

2.06-3~deb10u2

2.06-3~deb10u3

2.06-3~deb10u4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / grub2

Package

Name: grub2
Purl: pkg:deb/debian/grub2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / grub2

Package

Name: grub2
Purl: pkg:deb/debian/grub2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}