CVE-2022-28733
CVSS V2 None
CVSS V3 None
Description
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.
Overview
- CVE ID
- CVE-2022-28733
- Assigner
- canonical
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-07-20T00:20:02.458Z
- Last Modified Date
- 2023-07-20T15:37:31.331Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2022/06/07/5 | mailing-list |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733 | issue-tracking |
| https://security.netapp.com/advisory/ntap-20230825-0002/ |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-28733 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-24 17:55:10 | Added to TrackCVE |