Test ID:1.3.6.1.4.1.25623.1.0.704735
Category:Debian Local Security Checks
Title:Debian: Security Advisory for grub2 (DSA-4735-1)
Summary:The remote host is missing an update for the 'grub2' package(s) announced via the DSA-4735-1 advisory.
Description:

Vulnerability Insight:
Several vulnerabilities have been discovered in the GRUB2 bootloader.

CVE-2020-10713
A flaw was found in the grub.cfg parsing code that allows breaking
UEFI Secure Boot and loading arbitrary code. Details can be found
at the linked references.

CVE-2020-14308
It was discovered that grub_malloc does not validate the allocation
size, allowing for arithmetic overflow and subsequently a heap-based
buffer overflow.

CVE-2020-14309
An integer overflow in grub_squash_read_symlink may lead to a heap-based buffer overflow.

CVE-2020-14310
An integer overflow in read_section_from_string may lead to a heap-based buffer overflow.

CVE-2020-14311
An integer overflow in grub_ext2_read_link may lead to a heap-based
buffer overflow.

CVE-2020-15706
script: Avoid a use-after-free when redefining a function during
execution.

CVE-2020-15707
An integer overflow flaw was found in the initrd size handling.

Further detailed information can be found at the linked references.

Affected Software/OS:
'grub2' package(s) on Debian Linux.

Solution:
For the stable distribution (buster), these problems have been fixed in
version 2.02+dfsg1-20+deb10u1.

We recommend that you upgrade your grub2 packages.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-10713
Common Vulnerability Exposure (CVE) ID: CVE-2020-14308
Common Vulnerability Exposure (CVE) ID: CVE-2020-14309
Common Vulnerability Exposure (CVE) ID: CVE-2020-14310
Common Vulnerability Exposure (CVE) ID: CVE-2020-14311
Common Vulnerability Exposure (CVE) ID: CVE-2020-15706
Common Vulnerability Exposure (CVE) ID: CVE-2020-15707
Copyright:Copyright (C) 2020 Greenbone Networks GmbH

© 1998-2020 E-Soft Inc. All rights reserved.