Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.
History

Thu, 24 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2023-07-20T00:20:02.458Z

Updated: 2024-10-24T19:49:41.076Z

Reserved: 2022-04-05T21:59:08.759Z

Link: CVE-2022-28733

cve-icon Vulnrichment

Updated: 2024-08-03T06:03:52.571Z

cve-icon NVD

Status : Modified

Published: 2023-07-20T01:15:10.140

Modified: 2024-11-21T06:57:49.677

Link: CVE-2022-28733

cve-icon Redhat

Severity : Important

Publid Date: 2022-06-07T00:00:00Z

Links: CVE-2022-28733 - Bugzilla