vulnerability

Red Hat: CVE-2021-20225: Heap out-of-bounds write in short form option parser (Multiple Advisories)

Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
03/02/2021
Added
03/03/2021
Modified
12/15/2023

Description

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Solution(s)

redhat-upgrade-fwupdredhat-upgrade-fwupd-debuginforedhat-upgrade-fwupd-debugsourceredhat-upgrade-fwupd-tests-debuginforedhat-upgrade-grub2redhat-upgrade-grub2-commonredhat-upgrade-grub2-debuginforedhat-upgrade-grub2-debugsourceredhat-upgrade-grub2-efi-aa64-modulesredhat-upgrade-grub2-efi-ia32redhat-upgrade-grub2-efi-ia32-cdbootredhat-upgrade-grub2-efi-ia32-modulesredhat-upgrade-grub2-efi-x64redhat-upgrade-grub2-efi-x64-cdbootredhat-upgrade-grub2-efi-x64-modulesredhat-upgrade-grub2-pcredhat-upgrade-grub2-pc-modulesredhat-upgrade-grub2-ppc-modulesredhat-upgrade-grub2-ppc64-modulesredhat-upgrade-grub2-ppc64le-modulesredhat-upgrade-grub2-toolsredhat-upgrade-grub2-tools-debuginforedhat-upgrade-grub2-tools-efiredhat-upgrade-grub2-tools-efi-debuginforedhat-upgrade-grub2-tools-extraredhat-upgrade-grub2-tools-extra-debuginforedhat-upgrade-grub2-tools-minimalredhat-upgrade-grub2-tools-minimal-debuginforedhat-upgrade-shim-ia32redhat-upgrade-shim-unsigned-x64redhat-upgrade-shim-x64
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.