CVE-2020-14311

Summary

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.

Affected Software

VendorProductVersion RangeStatus
The Grub2 Projectgrub22.06affected

Weaknesses

  • CWE-190: CWE-190
  • CWE-122: CWE-122

ADP Enrichment

CVE Program Container

Additional References

References