CVE-2021-20233 log

Severity Medium
Remote No
Type Arbitrary code execution
There's a flaw in GRUB2 menu rendering code setparam_prefix() in the menu rendering code. It performs a length calculation under the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters. This allow an attacker to corrupt memory by one byte for each quote in the input.
Group Package Affected Fixed Severity Status Ticket
AVG-1629 grub 2:2.04-10 2:2.06rc1-1 Medium Testing