← Back

CVE-2020-14311

nvd nist
Published: Jul 31, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.0
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Exploitability: 0.8 / Impact: 5.2
Source: NVD

Description

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.

Affected (13)

Show all products
Gnu: Grub2 · Redhat: Enterprise Linux, Enterprise Linux Eus, Enterprise Linux Server Aus, Enterprise Linux Server Tus · Opensuse: Leap · Canonical: Ubuntu Linux
Gnu
1 product
Grub2
Redhat
4 products
Enterprise Linux
Enterprise Linux Eus
Enterprise Linux Server Aus
Enterprise Linux Server Tus
Opensuse
1 product
Leap
Canonical
1 product
Ubuntu Linux
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Grub2
Before 2.06
Configuration B
6 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux
Version 7.0
Enterprise Linux
Version 8.0
Redhat
Enterprise Linux Eus
Version 8.1
Enterprise Linux Eus
Version 8.2
Enterprise Linux Server Aus
Version 8.2
Enterprise Linux Server Tus
Version 8.2
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Leap
Version 15.1
Leap
Version 15.2
Configuration D
4 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 16.04
Ubuntu Linux
Version 18.04
Ubuntu Linux
Version 20.04

Related CWEs

CWE-122
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-190
Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (16)

Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.