๐Ÿ” CVE Alert

CVE-2022-3775

UNKNOWN 0.0
CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 0th

When rendering certain Unicode sequences, grub2's font code doesn't properly validate that the specified glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input that leads to an out-of-bounds write into grub2's heap, causing memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out.

CWE CWE-787
Vendor n/a
Product grub2
Published Dec 19, 2022
Last Updated Aug 3, 2024

Affected Versions

n/a / grub2
All up to 2.06

References

access.redhat.com: https://access.redhat.com/security/cve/cve-2022-3775
security.gentoo.org: https://security.gentoo.org/glsa/202311-14