CVE-2020-15707

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-15707
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15707.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-15707
Downstream
Related
Published
2020-07-29T18:15:14.640Z
Modified
2026-02-24T11:34:00.690058Z
Severity
  • 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Integer overflows were discovered in the functions grubcmdinitrd and grubinitrdinit in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.

References

Affected packages

Git / github.com/containers/image

Affected ranges

Type
GIT
Repo
https://github.com/containers/image
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b49a0b7eac5a602f669dd0f4243985ef7e48033c

Affected versions

Other
v1,1
v1.*
v1.1
v1.2
v1.3
v1.4
v1.5
v1.5.1
v2.*
v2.0.0
v2.0.1
v3.*
v3.0.0
v3.0.1
v3.0.2
v4.*
v4.0.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15707.json"