DEBIAN-CVE-2025-61662

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-61662

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-61662.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-61662

Upstream

CVE-2025-61662

Published

2025-11-18T19:15:50.203Z

Modified

2025-11-19T11:17:24.508561Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.

References

https://security-tracker.debian.org/tracker/CVE-2025-61662

Affected packages

Debian:11 / grub2

Package

Name: grub2
Purl: pkg:deb/debian/grub2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.04-20

2.06-1

2.06-2

2.06-2+hurd.1

2.06-2+hurd.2

2.06-2+hurd.3

2.06-2+hurd.4

2.06-2+hurd.5

2.06-2+hurd.6

2.06-2+hurd.7

2.06-2+hurd.8

2.06-3~deb10u1

2.06-3~deb10u2

2.06-3~deb10u3

2.06-3~deb10u4

2.06-3~deb11u1

2.06-3~deb11u2

2.06-3~deb11u4

2.06-3~deb11u5

2.06-3~deb11u6

2.06-3

2.06-4

2.06-4+hurd.1

2.06-5

2.06-6

2.06-7

2.06-8

2.06-8+hurd.1

2.06-8.1

2.06-9

2.06-10

2.06-11

2.06-12

2.06-13

2.06-13+hurd.1

2.06-13+hurd.2

2.06-14

2.12~rc1-1

2.12~rc1-2

2.12~rc1-3

2.12~rc1-6

2.12~rc1-7

2.12~rc1-8

2.12~rc1-9

2.12~rc1-10

2.12~rc1-11

2.12~rc1-12

2.12~rc1-13

2.12-1~bpo12+1

2.12-1

2.12-1.1

2.12-2~deb13u1

2.12-2

2.12-3

2.12-4

2.12-5

2.12-5+hurd.1

2.12-6

2.12-7

2.12-8

2.12-9

2.12-9+hurd.1

2.14~git20250718.0e36779-1

2.14~git20250718.0e36779-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / grub2

Package

Name: grub2
Purl: pkg:deb/debian/grub2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.06-13

2.06-13+deb12u1

2.06-13+hurd.1

2.06-13+hurd.2

2.06-14

2.12~rc1-1

2.12~rc1-2

2.12~rc1-3

2.12~rc1-6

2.12~rc1-7

2.12~rc1-8

2.12~rc1-9

2.12~rc1-10

2.12~rc1-11

2.12~rc1-12

2.12~rc1-13

2.12-1~bpo12+1

2.12-1

2.12-1.1

2.12-2~deb13u1

2.12-2

2.12-3

2.12-4

2.12-5

2.12-5+hurd.1

2.12-6

2.12-7

2.12-8

2.12-9

2.12-9+hurd.1

2.14~git20250718.0e36779-1

2.14~git20250718.0e36779-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / grub2

Package

Name: grub2
Purl: pkg:deb/debian/grub2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.12-9

2.12-9+hurd.1

2.14~git20250718.0e36779-1

2.14~git20250718.0e36779-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / grub2

Package

Name: grub2
Purl: pkg:deb/debian/grub2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.12-9

2.12-9+hurd.1

2.14~git20250718.0e36779-1

2.14~git20250718.0e36779-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}