CVE-2020-14309 – There’s an issue with grub2 in all versions before 2.06 when handling squashfs filesystems …

Vuln ID: CVE-2020-14309

Published:  2020-07-30  13:15:10Z

Description: There’s an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.

Source: NVD.NIST.GOV

 

Tags