CVE-2022-28734 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Unknown |
| Description | When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2762 | grub | 2:2.06-5 | High | Vulnerable |