Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.
No PoCs from references.
- https://github.com/ARPSyndicate/cvemon
- https://github.com/DNTYO/F5_Vulnerability
- https://github.com/EuroLinux/shim-review
- https://github.com/Fortinetofficial/shim-review
- https://github.com/Jurij-Ivastsuk/WAXAR-shim-review
- https://github.com/NaverCloudPlatform/shim-review
- https://github.com/Rodrigo-NR/shim-review
- https://github.com/amzdev0401/shim-review-backup
- https://github.com/baramundisoftware/ShimReview_2024
- https://github.com/bitraser/shim-review-15.4
- https://github.com/coreyvelan/shim-review
- https://github.com/ctrliq/ciq-shim-build
- https://github.com/ctrliq/shim-review
- https://github.com/jason-chang-atrust/shim-review
- https://github.com/jsegitz/shim-review-nonfork
- https://github.com/lenovo-lux/shim-review
- https://github.com/luojc123/shim-nsdl
- https://github.com/mwti/rescueshim
- https://github.com/neppe/shim-review
- https://github.com/neverware/shim-review
- https://github.com/ozun215/shim-review
- https://github.com/puzzleos/uefi-shim_review
- https://github.com/rhboot/shim-review
- https://github.com/synackcyber/BootHole_Fix
- https://github.com/vathpela/shim-review
- https://github.com/zeetim/shim-review