CVE-2022-3775 Vulnerability Details

  /     /     /  

CVE-2022-3775 Metadata Quick Info

CVE Published: 19/12/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: redhat | Vendor: n/a | Product: grub2
Status : PUBLISHED

CVE-2022-3775 Description

When rendering certain unicode sequences, grub2\'s font code doesn\'t proper validate if the informed glyph\'s width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2\'s heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-787
CWE Name: CWE-787
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2022-3775 Vulnerability Details