CVE-2022-28733

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-28733
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-28733.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-28733
Downstream
Related
Published
2023-07-20T01:15:10.140Z
Modified
2026-03-13T05:45:03.062016Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Integer underflow in grubnetrecvip4packets; A malicious crafted IP packet can lead to an integer underflow in grubnetrecvip4packets() function on rsm->totallen value. Under certain circumstances the totallen value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.

References

Affected packages

Git /

Affected ranges

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-28733.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "2.00"
            },
            {
                "fixed": "2.06-3"
            }
        ]
    }
]