CVE-2021-3696

Public on 2022-07-05
Modified on 2024-02-01
Description
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.0
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core grub2 2023-07-17 ALAS2-2023-2146 Fixed
Amazon Linux 2023 grub2 2023-02-17 ALAS2023-2023-020 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
NVD CVSSv2 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C
NVD CVSSv3 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L