漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
CVSS Information
N/A
Vulnerability Type
跨界内存写
Vulnerability Title
grub2 缓冲区错误漏洞
Vulnerability Description
grub2是美国GNU社区的一款Linux系统引导程序。 grub2存在缓冲区错误漏洞,该漏洞源于其字体代码呈现某些unicode序列时,它无法正确验证字体的宽度和高度。这些值进一步用于访问字体缓冲区,可能导致越界写入。攻击者可能设计一种能够触发此问题的字体,允许在未经授权的内存段中进行修改,导致数据完整性问题或导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A