CVE-2024-45780

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-45780

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45780.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-45780

Downstream

BELL-CVE-2024-45780

DEBIAN-CVE-2024-45780

OESA-2025-1216

OESA-2025-1217

OESA-2025-1218

OESA-2025-1233

OESA-2025-1291

SUSE-SU-2025:0586-1

SUSE-SU-2025:0587-1

SUSE-SU-2025:0588-1

SUSE-SU-2025:0607-1

SUSE-SU-2025:0629-1

UBUNTU-CVE-2024-45780

openSUSE-SU-2025:14822-1

Related

Published

2025-03-03T15:15:14Z

Modified

2025-08-09T19:01:26Z

Severity

6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.

References

Affected packages