CVE-2022-28734

Public on 2022-07-05

Modified on 2024-02-01

Description

Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.

Severity

Medium

See what this means

CVSS v3 Base Score

7.0

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 2 - Core	grub2	2023-07-17 17:40	ALAS2-2023-2146
Amazon Linux 2023	grub2	2023-02-17 20:43	ALAS2023-2023-020

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	7.0	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
NVD	CVSSv3	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2022-28734 Mitre: CVE-2022-28734 FAQs regarding Amazon Linux ALAS/CVE Severity