CVE-2020-14308

Name
CVE-2020-14308
Description
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1852009
Mailing List http://www.openwall.com/lists/oss-security/2020/07/29/3
Third Party Advisory https://security.netapp.com/advisory/ntap-20200731-0008/
Third Party Advisory https://usn.ubuntu.com/4432-1/
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html
GENTOO https://security.gentoo.org/glsa/202104-05
MLIST http://www.openwall.com/lists/oss-security/2021/09/17/2
MLIST http://www.openwall.com/lists/oss-security/2021/09/17/4
MLIST http://www.openwall.com/lists/oss-security/2021/09/21/1

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:* grub2 >= None < 2.06

Vulnerable and fixed packages

Source package Branch Version Maintainer Status