VDB
DEBIAN-CVE-2024-45776
DEBIAN-CVE-2024-45776
PUBLISHED
CVSS 6.699999809265137 MEDIUM
When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.
Risk Scores
CVSS 3.1
6.699999809265137
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | grub2 | 0, 0 |
| Debian:11 | grub2 | 2.12-2, 2.06-4, 2.06-4 |
| Debian:12 | grub2 | 2.12~rc1-13, 2.12~rc1-2, 2.12~rc1-1 |
| Debian:13 | grub2 | 0, 0 |
Timeline
- Feb 18, 2025 CVE Published
- May 16, 2026 CVE Updated