{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3775", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T01:20:57.693Z", "dateReserved": "2022-10-31T00:00:00.000Z", "datePublished": "2022-12-19T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-11-25T12:06:19.532Z"}, "descriptions": [{"lang": "en", "value": "When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded."}], "affected": [{"vendor": "n/a", "product": "grub2", "versions": [{"version": "All up to 2.06", "status": "affected"}]}], "references": [{"url": "https://access.redhat.com/security/cve/cve-2022-3775"}, {"name": "GLSA-202311-14", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202311-14"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-787", "cweId": "CWE-787"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:20:57.693Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/cve-2022-3775", "tags": ["x_transferred"]}, {"name": "GLSA-202311-14", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202311-14"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E48B3B4-3F7F-4169-ABC8-448AA351276E", "versionEndIncluding": "2.06", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded."}, {"lang": "es", "value": "Al representar ciertas secuencias Unicode, el c\u00f3digo de fuente de grub2 no se valida correctamente si el ancho y alto del glifo informado est\u00e1n restringidos dentro del tama\u00f1o del mapa de bits. Como consecuencia, un atacante puede crear una entrada que provocar\u00e1 una escritura fuera de los l\u00edmites en el mont\u00f3n de grub2, lo que provocar\u00e1 da\u00f1os en la memoria y problemas de disponibilidad. Aunque es compleja, no se puede descartar la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2022-3775", "lastModified": "2024-11-21T07:20:13.247", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-19T20:15:11.427", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2022-3775"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202311-14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2022-3775"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202311-14"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Daniel Axtens for reporting this issue.", "affected_release": [{"advisory": "RHSA-2023:0049", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "grub2-1:2.02-142.el8_7.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-01-09T00:00:00Z"}, {"advisory": "RHSA-2022:8494", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "grub2-1:2.02-87.el8_1.11", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-11-16T00:00:00Z"}, {"advisory": "RHSA-2022:8800", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "grub2-1:2.02-87.el8_2.11", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2022-12-06T00:00:00Z"}, {"advisory": "RHSA-2022:8800", "cpe": "cpe:/o:redhat:rhel_tus:8.2", "package": "grub2-1:2.02-87.el8_2.11", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2022-12-06T00:00:00Z"}, {"advisory": "RHSA-2022:8800", "cpe": "cpe:/o:redhat:rhel_e4s:8.2", "package": "grub2-1:2.02-87.el8_2.11", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2022-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:0047", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "grub2-1:2.02-99.el8_4.10", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2023-01-09T00:00:00Z"}, {"advisory": "RHSA-2023:0048", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "grub2-1:2.02-123.el8_6.12", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-01-09T00:00:00Z"}, {"advisory": "RHSA-2023:0752", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "grub2-1:2.06-46.el9_1.3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:8978", "cpe": "cpe:/o:redhat:rhel_eus:9.0", "package": "grub2-1:2.06-27.el9_0.12", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2022-12-13T00:00:00Z"}], "bugzilla": {"description": "grub2: Heap based out-of-bounds write when redering certain unicode sequences", "id": "2138880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.", "A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this issue, allowing modifications in unauthorized memory segments, causing data integrity problems or leading to denial of service."], "name": "CVE-2022-3775", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "grub2", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2022-11-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3775\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3775\nhttps://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html"], "threat_severity": "Moderate"}