Integer Overflow or Wraparound Affecting grub2 package, versions [0,]


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-GRUB2-8746068
  • published25 Feb 2025
  • disclosed18 Feb 2025
  • creditJonathan Bar Or

Introduced: 18 Feb 2025

NewCVE-2025-0690  (opens in a new tab)
CWE-190  (opens in a new tab)

How to fix?

A fix was pushed into the master branch but not yet published.

Overview

Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the read function. An attacker can execute arbitrary code or cause a crash by supplying crafted input that triggers this overflow.

Note:

This is only exploitable if the attacker has physical access and high privileges.

CVSS Scores

version 4.0
version 3.1