CVE-2026-24795
- Source
- https://cve.org/CVERecord?id=CVE-2026-24795
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24795.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-24795
- Published
- 2026-01-27T09:15:49.233Z
- Modified
- 2026-01-29T06:51:51.661842Z
- Severity
-
- 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Amber CVSS Calculator
- Summary
- [none]
- Details
-
Out-of-bounds Write vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulnerability is associated with program files regcomp.C.
This issue affects CloverBootloader: before 5162.
- References
Affected packages
Git / github.com/cloverhackycolor/cloverbootloader
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cloverhackycolor/cloverbootloader
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
5071
5078
5081
5084
5089
5091
5093
5094
5095
5096
5097
5098
5099
5100
5101
5102
5103
5104
5105
5106
5107
5108
5109
5110
5111
5112
5113
5114
5115
5116
5117
5118
5119
5120
5121
5122
5123
5124
5125
5126
5127
5128
5129
5130
5131
5132
5133
5134
5135
5136
5137
5138
5139
5140
5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151
5152
5153
5154
5155
5156
5157
5158
5159
5160
5161
Database specific
vanir_signatures
[
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-047cef58",
"target": {
"file": "FileSystems/GrubFS/grub/grub-core/fs/fshelp.c"
},
"digest": {
"line_hashes": [
"138290843383260351882704350940372067164",
"87517361851991680884061813549582763810",
"27819856051522830486978956414001635442",
"180161424470412849037939310487322507132"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-07e2acd4",
"target": {
"file": "FileSystems/GrubFS/grub/grub-core/kern/disk.c"
},
"digest": {
"line_hashes": [
"126807914141974700215174077865900170148",
"246700368711976479549547631504411334185",
"198426971017785359944563484944524947735",
"96601472169635974774654658499149789636",
"141376919408795813358450878045249784702",
"266731447141322160193760657512653676922",
"302678444944055224753677880859574473700",
"122474048750210892063005215336975558309"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-0ccf128a",
"target": {
"file": "FileSystems/GrubFS/grub/include/grub/misc.h"
},
"digest": {
"line_hashes": [
"44707056583907238532522699969047367413",
"114774859381467859244505623432007960515",
"65677020221860123571590533895113591985",
"248991823404322326698006761838580700516",
"233669777362087750604377968845311056477"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-247c38d3",
"target": {
"file": "FileSystems/GrubFS/grub/include/grub/crypto.h"
},
"digest": {
"line_hashes": [
"260463828316776243245767994491464112417",
"199427031712531689045155269802882911033",
"158025285694678948567650672944555914414",
"151058605434055245461495115389593030698",
"41001751810446787146280461236438702847",
"277765347236738778741354320279134113490",
"20575558636328525890135942131493941737",
"188436998887156417882527719486858602940"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-2519435d",
"target": {
"file": "FileSystems/GrubFS/grub/grub-core/fs/ntfs.c"
},
"digest": {
"line_hashes": [
"292906013658053852192240371930489513086",
"89565297501197358379075223756334963365",
"150384997853124236349814517770879361742",
"167919921237948412832768606336296442163",
"22368582307278442853499960953889230278",
"130440505019788170913967803844096465295",
"12491043298620415824899169844843943252",
"40633233320583330380170671628777403279",
"222070628306255493188881025134201370743",
"159498854795363046958633525177431873351",
"163517216917037782453812631428556689598",
"314990828669127106370204836313301037127",
"156876452337063509495183726613849460731",
"12330041641888132450651630576989669463",
"36633251021983373176019627922211731855",
"98134002344785500599835027011476511814"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-27998d95",
"target": {
"file": "FileSystems/GrubFS/grub/grub-core/fs/hfsplus.c"
},
"digest": {
"line_hashes": [
"31294307313404182941666282936373524829",
"326440922567803002130145037844001873759",
"78768715288474297671592199705127288226",
"337780632894788899347456593749787214027",
"93308414560349976366071754011539270269",
"32989202632199436720169034026143510813",
"302511730843620332798896417514432862533",
"41705127713737342123017356993409710100"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-444667b2",
"target": {
"file": "FileSystems/GrubFS/grub/grub-core/fs/zfs/zfs.c"
},
"digest": {
"line_hashes": [
"13540042948802438271633281157664828583",
"175274169532911164640698416778332335386",
"105631677735977405368857808824287659107",
"304292159408448200683831267517830302490",
"25452971015944208276608784731413936967",
"78506683547908699025206429043063431729",
"40542137822913737619035728169259802215",
"207105788499785729562135092946766754921",
"19563997519931264371044227291747190261",
"4721469538226277172031442993028964781",
"279645806680645959134217569084290302769",
"117938098803671751262172504367039359901",
"313327353454939396319261906221885737096",
"326019345371665230526528322618819629328",
"178624639162298059567595774880165435200",
"312221736520082998083929112156085472569",
"254157192483615858877131083312150454919",
"68856150089675762321279365555664904114"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-47d52145",
"target": {
"file": "rEFIt_UEFI/libeg/XIcon.cpp"
},
"digest": {
"line_hashes": [
"125434942684532059475949012411651912009",
"57554711649878688451158522089929317303",
"291863174403876267999174190782799633708",
"60289343054555795781065557275554598103"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-4d49e982",
"target": {
"file": "FileSystems/GrubFS/grub/grub-core/fs/fat.c"
},
"digest": {
"line_hashes": [
"81437959566084203474954791387637798221",
"138972404704011474989078146589469966648",
"99934114103205986142427695779664656612",
"294403830004255858864440580863962323185",
"27982736177400184427629498279805500178",
"30324439756558875528450208548510437843",
"130278812252195876720424533442978093168",
"48165289108006074472425007659889235767",
"196793617077845820526020628294758692737",
"205381674572054094090864068677171002352",
"95518831479485333231238032796265765341",
"89744454167034047382436252055482879650",
"253110306404623002708134643487033503732",
"196377684696852502340350294612335146684",
"274590246123886485504011739206530095508",
"253541522938454451806661608441324897275",
"12617144908105738263062962692081284444",
"221541549305686642212685127407057511849",
"184023730420792876206035186243137933076",
"230732348150997364635490601497510197248",
"249095101227463948009211449284231291940",
"9918508169968928883293546514307511802",
"199335722016233643704788218179966347891",
"124179189918058913255851199743784997534"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-54d75179",
"target": {
"file": "FileSystems/GrubFS/grub/grub-core/lib/libgcrypt/src/gcrypt.h"
},
"digest": {
"line_hashes": [
"269824464597613553171247655532935203736",
"66681180974301974991385930268439927108",
"220104386423742020097247588997355648958",
"311321369310613041313273298659333218847",
"195795211558711384584650330195805470068",
"150269740933243943839652953253764381458",
"162727490699598342630519795535339924287",
"277766498803647708301550211611555254018",
"176896851033479394455672471947157635924"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-5e8c8d47",
"target": {
"file": "rEFIt_UEFI/entry_scan/loader.cpp",
"function": "GetOSVersion"
},
"digest": {
"function_hash": "228062111567853037020687102701874902804",
"length": 13741.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-6cd73e02",
"target": {
"file": "FileSystems/GrubFS/grub/include/grub/disk.h"
},
"digest": {
"line_hashes": [
"17155510734505240663308122515154290186",
"121484721671998399619470704731064525994",
"143883922227362657413058127601599259546",
"200651262415556723781603547235818007669",
"127916268372648884033635934768798908937",
"329605753900734618176628118393803458011",
"29132383423917498906654184968646289946",
"196720142831988122546613068040546304528"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-7932fd3b",
"target": {
"file": "FileSystems/GrubFS/grub/grub-core/fs/iso9660.c"
},
"digest": {
"line_hashes": [
"223568010566379622994044755622361207857",
"266329630593405967377114471266151845119",
"170078978040743278522483250516045318130",
"336920498891526731729874332615817101727",
"36749522241692727603130841109410186235",
"324848766442285081912227070256794122627",
"243245568337011465990518295958080235788",
"122701468013303091260826103558863422153",
"176252205635379281635644497387799006937",
"199827583914966688243505254143738828870",
"120544370684962228573878518018664414104",
"295191653879801416576047784129347463241",
"196546865558459399457055856393747064696",
"277957643388368582320601770602954706585",
"33225764491274890328789007444564610843",
"120865396077780047895600603752937048524",
"209061887982619952643049734345915781215",
"184351752587673890463081481699092845743",
"152457288955582673972232700237400645177",
"57747098799788362857829952604633542766"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-7e203f81",
"target": {
"file": "FileSystems/GrubFS/grub/grub-core/fs/udf.c"
},
"digest": {
"line_hashes": [
"271356436247698808740137505297031823756",
"238864837492933216554377188380736485226",
"260826754421121473405381969281561352225",
"337917870228576825095368469026453877227",
"52626409904370712593974330261692124144",
"208677540754701146186971971088239404770",
"205442850293500761058165398467332136465",
"222517147164602116390952856911865933323",
"52626409904370712593974330261692124144",
"208677540754701146186971971088239404770",
"205442850293500761058165398467332136465",
"222517147164602116390952856911865933323",
"309635748775675842176699047609011210379",
"125870530686069833760644544252916540286",
"283332385652323563282994703886965605186",
"303072100588404663268710844841079945214",
"48905992484871544943610873143170906692",
"102884923401111703561578139475548064278",
"224978552938033304169414762312365841352",
"30011446758218224312338256533286574392",
"84465250174984451295744127399899534473",
"42449901085964368233669821690267462479",
"328079948622944754793541880355450801096",
"313718289796646509620318783585532841775",
"19877029360851120205455306082468068593",
"154146596298232031273903189871612726696",
"94570578990538888581001809346278006397",
"115925277731313208195699274027868724800",
"328327879450703614071617692062914251944",
"304043430013414851656825016799000599268",
"115885028653972612201410556066464733891",
"52350719717297824496037819061452852342",
"161416730167329135473895076132455376933",
"94220163506600575185450396890313643251",
"66558550906149350095229410511256606614",
"289134151338675343937119558030217724014"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-9544550e",
"target": {
"file": "FileSystems/GrubFS/grub/grub-core/lib/libgcrypt/cipher/rijndael.c"
},
"digest": {
"line_hashes": [
"53306978702014110102788685254746837417",
"280528091497473956513854823199460600083",
"340186355283394602349655209050760085273",
"135778778054590080208922255820526171599"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-a51fb20b",
"target": {
"file": "FileSystems/GrubFS/grub/grub-core/fs/ntfscomp.c"
},
"digest": {
"line_hashes": [
"63461547508548307058713413213153857619",
"193857558701077988525652939379764004615",
"185750495805942108143802913778637372287",
"251620065650222041868633015171731848863",
"112149149160069664481906390137743799546",
"177305724659597441975901547536450218654",
"231466159925498118470041687434589538780",
"274107403546166302317447567146711549551",
"227929059259685782209886323629487318896",
"177305724659597441975901547536450218654",
"65628308439708664754093862078711503713",
"210851751479374941629720555581154611246"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-c1fc0da7",
"target": {
"file": "rEFIt_UEFI/Settings/ConfigPlist/SMBIOSPlist.h"
},
"digest": {
"line_hashes": [
"97600406797424670984401871324883784201",
"15795552799871664253548795301174795813",
"155426172230416131649402957460296029892",
"319895253834710865850322412754917481500",
"172845845710869629130385456196475310702",
"273129882869146358062024315275421822550",
"19651840995947803983797664003717171860",
"26448663436653297232012116707647183899",
"217766957381902156880122167059307149618"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-c2b5d8a4",
"target": {
"file": "rEFIt_UEFI/entry_scan/loader.cpp",
"function": "GetOSIconName"
},
"digest": {
"function_hash": "95628645430067554060347505083985505956",
"length": 1530.0
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-c623496e",
"target": {
"file": "FileSystems/GrubFS/grub/grub-core/fs/proc.c"
},
"digest": {
"line_hashes": [
"143647851938705246421825559687551604967",
"283541053692469950892243368774287537806",
"3701605496728777798475671439940926198",
"264323020724583932501140395206687390047"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-d5df9a94",
"target": {
"file": "FileSystems/GrubFS/grub/grub-core/lib/libgcrypt/src/gcrypt-module.h"
},
"digest": {
"line_hashes": [
"260463828316776243245767994491464112417",
"199427031712531689045155269802882911033",
"158025285694678948567650672944555914414",
"151058605434055245461495115389593030698",
"41001751810446787146280461236438702847",
"277765347236738778741354320279134113490",
"20575558636328525890135942131493941737",
"188436998887156417882527719486858602940",
"217346711674495515976449116534284417761",
"278489272591949674481994433791676482168",
"82122903347791242909498188452111391227",
"237441875581816155486548011877596320737",
"232516742775668591774061775267295739295",
"9762309452069759355471575041591960319",
"144671113076973477534904396128335675104",
"254513084417957565404425820843894123129",
"38424798147889797638155967741606796489",
"157589761899930671504874858998780732466",
"261369431135034732184329522671886616454",
"297257609669574763537722438478716835835",
"145848940304734707276954564637130054473",
"121020863204586205260611569828959805699",
"261287667124797967743805835164305116628",
"67571091592188189386719145857577470627",
"288694841746485963227140251064568969530",
"42678703971486947199682240000758576208",
"243925855841865117821092629025140253901",
"62936402301558328131070619460219904741",
"337935426346511343951857772931183332501",
"339573369573248017468694673645818122758",
"58822900387681656387428351500768308949",
"59005177418410051434880839860950794154",
"140557208340885503177936389472792308289",
"86153822844337992325157162364168965456",
"121727518810597783199458926000372830008",
"2565473633307203318249667689255868815",
"14595010420075847488968605000790154912",
"17453934197786004517775449354526106970",
"277087849001483378480150388229322620678",
"227654295074199814524633771548591421761",
"307289555471231769677703629979561878096",
"322148377808554934643307777327080754391",
"127453146027238203831730983123839647351",
"273480768272728885961631025204364642742",
"304986007242077499822717977359570302184",
"131058173080417059759882542038115371317",
"246823432354664195079700819649490564772",
"182748772024860094197210161955027006479",
"304552506721329178792820372023181247843",
"107388720344064522566006741696296506531",
"123153980922743640680102961385598176910",
"206818991216321205715842202341108185088",
"190755745161847823161595118937446842327",
"212755566399763835124374134848917266172",
"49459059268499106587179057645299267108",
"206126715051496838746436490313565671113",
"84914809985848479856319781262225138955",
"299387260536667500615907263173331355599",
"241875415939418797297795883878418219534",
"203657699936407062666053931034547760454",
"168540684580722428746409962535867105896",
"154381453585105346853985572417499070873",
"236425634281105623175238847490044147700"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-dd15920d",
"target": {
"file": "FileSystems/GrubFS/grub/grub-core/lib/libgcrypt/src/types.h"
},
"digest": {
"line_hashes": [
"332244260969078471414327368960629867301",
"278499719656476946107918585244120785013",
"133104801038306463897322158259069690002",
"16395989403644243958198554278516781060"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-e06c7f6d",
"target": {
"file": "rEFIt_UEFI/Settings/ConfigPlist/ConfigPlistClass.h"
},
"digest": {
"line_hashes": [
"266351142370575383201934516126798086707",
"284205544516357063650505401786030784458",
"110095490237112634139635964710045235759",
"69811016940757245380620700135327965640",
"181407408069557727932694593750984700596",
"222615206845820123159902364820663830996",
"94870118955762626740397390029267577426",
"158822739306273211356914112233975186714",
"55420293118561079506602686104977075966",
"273129882869146358062024315275421822550",
"229061139860740034456015847684982179627",
"272814560344976406777198857470307645430",
"228720685845652791959943298602144260436"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-e33cddb4",
"target": {
"file": "FileSystems/GrubFS/grub/grub-core/lib/libgcrypt/src/cipher.h"
},
"digest": {
"line_hashes": [
"209228444775154956384327401172849333686",
"38410634925380083649008155720430762125",
"195134945308207545748845950316067312986"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/cloverhackycolor/cloverbootloader/commit/2e0a53ecc9b5501a55f2e7288c51373f4f30c029",
"id": "CVE-2026-24795-f1c60dd3",
"target": {
"file": "rEFIt_UEFI/entry_scan/loader.cpp"
},
"digest": {
"line_hashes": [
"156202701324703622281253112812263873940",
"235786526192306445907965509235726484282",
"296652883192214996426964576202147809472",
"298867735645011649150073811806006903753",
"163603780350325628187057089996269524045",
"270641411522189382576653134314822977005",
"213905606455798497451417648229910028738",
"188727365527928725887435164817715761819"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24795.json"