DEBIAN-CVE-2024-45779
PUBLISHED
CVSS 6 MEDIUM
An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow while the file is being read, leading to a heap out-of-bounds read. As a consequence, sensitive data may be leaked, or grub2 will crash.
Risk Scores
CVSS v3.1
6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | grub2 | *, 2.12-1, 0 |
| Debian:13 | grub2 | 0, 0 |
| Debian:14 | grub2 | 0, 0 |
| Debian:11 | grub2 | 2.12-4, 2.12-5, 2.12-5+hurd.1 |
Timeline
- Mar 3, 2025 CVE Published
- May 16, 2026 CVE Updated