📦 Grub2

by GNU

⚠️ Known Vulnerabilities

CVE-2025-61662

HIGH CVSS 7.8 Nov 18, 2025

A use-after-free vulnerability in GRUB's gettext module allows attackers to invoke an orphaned command after module unloading, causing memory access to invalid locations. This can lead to GRUB crashes...

CVE-2025-0678

HIGH CVSS 7.8 Mar 3, 2025

A heap-based buffer overflow vulnerability in grub2's squash4 filesystem module allows attackers to execute arbitrary code by crafting malicious filesystems. This affects systems using grub2 with squa...

CVE-2024-45782

HIGH CVSS 7.8 Mar 3, 2025

This vulnerability in the HFS filesystem driver allows attackers to trigger a heap-based buffer overflow by providing a specially crafted volume name. This could lead to arbitrary code execution in GR...

CVE-2025-1125

HIGH CVSS 7.8 Mar 3, 2025

This vulnerability in GRUB's HFS filesystem module allows an integer overflow when calculating buffer sizes from malicious filesystem metadata. Attackers can exploit this to write past allocated buffers,...

CVE-2024-56737

HIGH CVSS 8.8 Dec 29, 2024

CVE-2024-56737 is a heap-based buffer overflow vulnerability in GNU GRUB2's HFS filesystem parser. Attackers can exploit this by providing specially crafted HFS filesystem data to execute arbitrary co...

CVE-2023-4692

HIGH CVSS 7.5 Oct 25, 2023

An out-of-bounds write vulnerability in grub2's NTFS filesystem driver allows attackers to corrupt heap metadata by presenting a specially crafted NTFS filesystem image. This can lead to arbitrary cod...

CVE-2022-28733

HIGH CVSS 8.1 Jul 20, 2023

CVE-2022-28733 is an integer underflow vulnerability in GRUB2's network stack that allows remote attackers to cause a buffer overflow via specially crafted IP packets. This affects systems using GRUB2 w...

CVE-2021-3697

HIGH CVSS 7.0 Jul 6, 2022

CVE-2021-3697 is a heap buffer underflow vulnerability in GRUB2's JPEG parser that allows a crafted JPEG image to corrupt heap memory. Successful exploitation could lead to arbitrary code execution or...

CVE-2021-20233

HIGH CVSS 8.2 Mar 3, 2021

This GRUB2 vulnerability allows attackers to corrupt memory by one byte for each quote in menu input due to an incorrect length calculation. It affects systems using GRUB2 versions prior to 2.06, pote...

CVE-2020-27779

HIGH CVSS 7.5 Mar 3, 2021

This vulnerability in GRUB2 allows privileged attackers to bypass Secure Boot protections by using the cutmem command to remove memory address ranges. This could enable loading of unauthorized code or...

CVE-2020-25632

HIGH CVSS 8.2 Mar 3, 2021

CVE-2020-25632 is a vulnerability in GRUB2 that allows attackers to unload kernel modules that other modules depend on, creating a use-after-free condition that can lead to arbitrary code execution. It aff...

CVE-2025-0685

MEDIUM CVSS 6.4 Mar 3, 2025

This CVE describes an integer overflow vulnerability in grub2's JFS filesystem module that allows a buffer overflow when reading maliciously crafted filesystems. Attackers can exploit this to execute ar...

CVE-2024-45778

MEDIUM CVSS 4.1 Mar 3, 2025

A stack overflow vulnerability in GRUB2's BFS filesystem parser allows an attacker to crash the bootloader by providing a specially crafted BFS filesystem. This affects systems using GRUB2 with BFS su...

CVE-2024-45780

MEDIUM CVSS 6.7 Mar 3, 2025

CVE-2024-45780 is a heap buffer overflow vulnerability in grub2's tar file parser that allows an integer overflow during filename buffer allocation. Attackers can exploit this with a crafted tar file to ...

CVE-2024-45777

MEDIUM CVSS 6.7 Feb 19, 2025

This vulnerability in grub2 allows attackers to trigger an out-of-bounds write when processing language files, potentially overwriting sensitive heap data. This could lead to bypassing secure boot pro...