CVE-2024-45780

Medium CVSS: 6.7

A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.

Vendor

Gnu

Product

Grub2

CWE

CWE-787

Yayın Tarihi

2025-03-03 15:15:14

Güncelleme

2025-03-07 22:14:56

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-787 Grub2 MEDIUM Gnu 2025

Referanslar

https://access.redhat.com/security/cve/CVE-2024-45780 https://bugzilla.redhat.com/show_bug.cgi?id=2345856 https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html

Benzer Kayıtlar

High

CVE-2026-4046

The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when convertin…

Medium

CVE-2026-4647

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files…

High

CVE-2026-4437

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the…

Medium

CVE-2026-4438

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the…

Medium

CVE-2026-3441

A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in t…

Medium

CVE-2026-3442

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read,…