CVE-2021-20233

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-20233
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20233.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-20233
Related
Published
2021-03-03T17:15:12Z
Modified
2024-12-05T15:28:04.092898Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

Affected packages

Alpine:v3.17 / grub

Package

Name
grub
Purl
pkg:apk/alpine/grub?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.06-r0

Affected versions

2.*

2.02_beta3-r0
2.02_beta3-r1
2.02_beta3-r2
2.02_beta3-r3
2.02_beta3-r4
2.02_beta3-r5
2.02_beta3-r6
2.02_beta3-r7
2.02-r0
2.02-r1
2.02-r2
2.02-r3
2.02-r4
2.02-r5
2.02-r6
2.02-r7
2.02-r8
2.02-r9
2.02-r10
2.02-r11
2.02-r12
2.02-r13
2.02-r14
2.02-r15
2.02-r16
2.02-r17
2.02-r18
2.02-r19
2.02-r20
2.04-r0
2.04-r1
2.04-r2
2.04-r3

Alpine:v3.18 / grub

Package

Name
grub
Purl
pkg:apk/alpine/grub?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.06-r0

Affected versions

2.*

2.02_beta3-r0
2.02_beta3-r1
2.02_beta3-r2
2.02_beta3-r3
2.02_beta3-r4
2.02_beta3-r5
2.02_beta3-r6
2.02_beta3-r7
2.02-r0
2.02-r1
2.02-r2
2.02-r3
2.02-r4
2.02-r5
2.02-r6
2.02-r7
2.02-r8
2.02-r9
2.02-r10
2.02-r11
2.02-r12
2.02-r13
2.02-r14
2.02-r15
2.02-r16
2.02-r17
2.02-r18
2.02-r19
2.02-r20
2.04-r0
2.04-r1
2.04-r2
2.04-r3

Alpine:v3.19 / grub

Package

Name
grub
Purl
pkg:apk/alpine/grub?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.06-r0

Affected versions

2.*

2.02_beta3-r0
2.02_beta3-r1
2.02_beta3-r2
2.02_beta3-r3
2.02_beta3-r4
2.02_beta3-r5
2.02_beta3-r6
2.02_beta3-r7
2.02-r0
2.02-r1
2.02-r2
2.02-r3
2.02-r4
2.02-r5
2.02-r6
2.02-r7
2.02-r8
2.02-r9
2.02-r10
2.02-r11
2.02-r12
2.02-r13
2.02-r14
2.02-r15
2.02-r16
2.02-r17
2.02-r18
2.02-r19
2.02-r20
2.04-r0
2.04-r1
2.04-r2
2.04-r3

Alpine:v3.20 / grub

Package

Name
grub
Purl
pkg:apk/alpine/grub?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.06-r0

Affected versions

2.*

2.02_beta3-r0
2.02_beta3-r1
2.02_beta3-r2
2.02_beta3-r3
2.02_beta3-r4
2.02_beta3-r5
2.02_beta3-r6
2.02_beta3-r7
2.02-r0
2.02-r1
2.02-r2
2.02-r3
2.02-r4
2.02-r5
2.02-r6
2.02-r7
2.02-r8
2.02-r9
2.02-r10
2.02-r11
2.02-r12
2.02-r13
2.02-r14
2.02-r15
2.02-r16
2.02-r17
2.02-r18
2.02-r19
2.02-r20
2.04-r0
2.04-r1
2.04-r2
2.04-r3

Alpine:v3.21 / grub

Package

Name
grub
Purl
pkg:apk/alpine/grub?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.06-r0

Affected versions

2.*

2.02_beta3-r0
2.02_beta3-r1
2.02_beta3-r2
2.02_beta3-r3
2.02_beta3-r4
2.02_beta3-r5
2.02_beta3-r6
2.02_beta3-r7
2.02-r0
2.02-r1
2.02-r2
2.02-r3
2.02-r4
2.02-r5
2.02-r6
2.02-r7
2.02-r8
2.02-r9
2.02-r10
2.02-r11
2.02-r12
2.02-r13
2.02-r14
2.02-r15
2.02-r16
2.02-r17
2.02-r18
2.02-r19
2.02-r20
2.04-r0
2.04-r1
2.04-r2
2.04-r3

Debian:11 / grub2

Package

Name
grub2
Purl
pkg:deb/debian/grub2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.04-16

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / grub2

Package

Name
grub2
Purl
pkg:deb/debian/grub2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.04-16

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / grub2

Package

Name
grub2
Purl
pkg:deb/debian/grub2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.04-16

Ecosystem specific

{
    "urgency": "not yet assigned"
}