4.5

CVE-2021-3695

EPSS 0.06%
Veröffentlicht 06.07.2022 16:15:08
Zuletzt bearbeitet 21.11.2024 06:22:10
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnu ≫ Grub2 Version >= 2.00 < 2.12

Fedoraproject ≫ Fedora Version36

Redhat ≫ Developer Tools Version1.0

Redhat ≫ Openshift Version3.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version8.1

Redhat ≫ Enterprise Linux Version8.4

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Eus Version8.2

Redhat ≫ Enterprise Linux Eus Version8.4

Redhat ≫ Enterprise Linux Eus Version8.6

Redhat ≫ Enterprise Linux Eus Version9.0

Redhat ≫ Enterprise Linux For Power Little Endian Version8.0

Redhat ≫ Enterprise Linux For Power Little Endian Version9.0

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.2

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.4

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.6

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.0

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server Aus Version8.6

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.1

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.2

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.4

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.6

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version9.0

Redhat ≫ Enterprise Linux Server Tus Version8.2

Redhat ≫ Enterprise Linux Server Tus Version8.4

Redhat ≫ Enterprise Linux Server Tus Version8.6

Redhat ≫ Openshift Container Platform Version4.6

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Openshift Container Platform Version4.9

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Openshift Container Platform Version4.10

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Codeready Linux Builder Version-

   Redhat ≫ Enterprise Linux Version8.0
   Redhat ≫ Enterprise Linux Version9.0
   Redhat ≫ Enterprise Linux Eus Version8.2
   Redhat ≫ Enterprise Linux Eus Version8.4
   Redhat ≫ Enterprise Linux Eus Version8.6
   Redhat ≫ Enterprise Linux Eus Version9.0

Netapp ≫ Ontap Select Deploy Administration Utility Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.187

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.5	1	3.4	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://security.gentoo.org/glsa/202209-12

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1991685

Third Party Advisory

Issue Tracking

https://security.netapp.com/advisory/ntap-20220930-0001/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-3695

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3695

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3695

EUVD