Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2022-28734 - log back

CVE-2022-28734 edited at 08 Jun 2022 10:20:26

Severity

-	Unknown
+	High

Remote

-	Unknown
+	Remote

Description

+

When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.

References

Notes

CVE-2022-28734 created at 08 Jun 2022 10:10:47