VYPR

Gnu Grub

by Gnu Project

CVEs (5)

  • CVE-2022-28736 - Jul 20, 2023
    risk 0.00 cvss epss 0.00

    There's a use-after-free vulnerability in the grub_cmd_chainloader() function. The chainloader command is used to boot operating systems that don't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once, a use-after-free…

  • CVE-2022-28735 - Jul 20, 2023
    risk 0.00 cvss epss 0.00

    GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, breaking the secure boot trust chain.

  • CVE-2022-28734 - Jul 20, 2023
    risk 0.00 cvss epss 0.01

    Out-of-bounds write when handling split HTTP headers. When handling split HTTP headers, GRUB2's HTTP code accidentally moves its internal data buffer pointer by one position. This can lead to an out-of-bounds write later when parsing the HTTP request, writing a NULL byte past the…

  • CVE-2022-28733 - Jul 20, 2023
    risk 0.00 cvss epss 0.01

    Integer underflow in grub_net_recv_ip4_packets. A maliciously crafted IP packet can lead to an integer underflow in the grub_net_recv_ip4_packets() function on the rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number…

  • CVE-2013-4577 - May 12, 2014
    risk 0.00 cvss epss 0.00

    A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.