CVE-2015-8370

Status: Modified
Last modified: 21-10-2024
Published: 16-12-2015
7.4

SUMMARY CVE-2015-8370

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.

Access CVSS3 CVE-2015-8370

Attack Complexity Attack Vector Privileges Required Scope User Interaction
HIGH LOCAL NONE UNCHANGED NONE

Impact CVSS3 CVE-2015-8370

Confidentiality Integrity Availability
HIGH HIGH HIGH

Details CVE-2015-8370

EPSS 0.00108
EPSS % 0.44573
References
CWE CWE-191
Vulnerable Configurations
  • cpe:2.3:a:gnu:grub2:1.98:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:grub2:1.98:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:grub2:1.99:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:grub2:1.99:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:grub2:2.00:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:grub2:2.00:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:grub2:2.01:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:grub2:2.01:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:grub2:2.02:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:grub2:2.02:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
CVSS3 Source 134c704f-9b21-4f2e-91b3-4a467353bcc0
CVSS3 Type Secondary
CVSS3 Vector CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

ATOM RSS Feed Link for CVE Vulnerabilities

CVE Data Propulsed by AKAOMA CyberSecurity