There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/09/17/2 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/09/17/4 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/09/21/1 | Mailing List Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14311 | Issue Tracking Third Party Advisory |
https://security.gentoo.org/glsa/202104-05 | Third Party Advisory |
https://usn.ubuntu.com/4432-1/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2020-07-31T20:56:30
Updated: 2021-09-21T11:06:35
Reserved: 2020-06-17T00:00:00
Link: CVE-2020-14311
JSON object: View
NVD Information
Status : Modified
Published: 2020-07-31T22:15:11.597
Modified: 2023-11-07T03:17:08.243
Link: CVE-2020-14311
JSON object: View
Redhat Information
No data.