vulnerability
Amazon Linux 2023: CVE-2022-28734: Important priority package update for grub2
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:N/C:P/I:P/A:C) | Jun 7, 2022 | Feb 17, 2025 | Jul 9, 2025 |
Severity
8
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:C)
Published
Jun 7, 2022
Added
Feb 17, 2025
Modified
Jul 9, 2025
Description
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.
A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a malicious set of HTTP packages making grub2 corrupt its internal memory metadata structure. This leads to data integrity and confidentiality issues or forces grub to crash, resulting in a denial of service attack.
A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a malicious set of HTTP packages making grub2 corrupt its internal memory metadata structure. This leads to data integrity and confidentiality issues or forces grub to crash, resulting in a denial of service attack.
Solutions
amazon-linux-2023-upgrade-grub2-commonamazon-linux-2023-upgrade-grub2-debuginfoamazon-linux-2023-upgrade-grub2-debugsourceamazon-linux-2023-upgrade-grub2-efi-aa64amazon-linux-2023-upgrade-grub2-efi-aa64-cdbootamazon-linux-2023-upgrade-grub2-efi-aa64-ec2amazon-linux-2023-upgrade-grub2-efi-aa64-modulesamazon-linux-2023-upgrade-grub2-efi-x64amazon-linux-2023-upgrade-grub2-efi-x64-cdbootamazon-linux-2023-upgrade-grub2-efi-x64-ec2amazon-linux-2023-upgrade-grub2-efi-x64-modulesamazon-linux-2023-upgrade-grub2-emuamazon-linux-2023-upgrade-grub2-emu-debuginfoamazon-linux-2023-upgrade-grub2-emu-modulesamazon-linux-2023-upgrade-grub2-pcamazon-linux-2023-upgrade-grub2-pc-modulesamazon-linux-2023-upgrade-grub2-toolsamazon-linux-2023-upgrade-grub2-tools-debuginfoamazon-linux-2023-upgrade-grub2-tools-efiamazon-linux-2023-upgrade-grub2-tools-efi-debuginfoamazon-linux-2023-upgrade-grub2-tools-extraamazon-linux-2023-upgrade-grub2-tools-extra-debuginfoamazon-linux-2023-upgrade-grub2-tools-minimalamazon-linux-2023-upgrade-grub2-tools-minimal-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.