CVE-2021-3696
MEDIUMGRUB2 < 2.12 - Heap Out-of-bounds Write in PNG Huffman Table Handling
Title source: llmDescription
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
References (3)
Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1991686
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202209-12
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220930-0001/
Scores
CVSS v3
4.5
EPSS
0.0011
EPSS Percentile
29.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-787
Status
published
Products (33)
gnu/grub2
2.00 - 2.12
netapp/ontap_select_deploy_administration_utility
redhat/codeready_linux_builder
redhat/developer_tools
1.0
redhat/enterprise_linux
8.0
redhat/enterprise_linux
8.1
redhat/enterprise_linux
8.4
redhat/enterprise_linux
9.0
redhat/enterprise_linux_eus
8.2
redhat/enterprise_linux_eus
8.4
... and 23 more
Published
Jul 06, 2022
Tracked Since
Feb 18, 2026