Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2024-45780 | First vendor Publication | 2025-03-03 |
| Vendor | Cve | Last vendor Modification | 2025-03-07 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 6.7 | ||
| Base Score | 6.7 | Environmental Score | 6.7 |
| impact SubScore | 5.9 | Temporal Score | 6.7 |
| Exploitabality Sub Score | 0.8 | ||
| Attack Vector | Local | Attack Complexity | Low |
| Privileges Required | High | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45780 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 7 |
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2025-03-08 00:20:37 |
|
| 2025-03-06 00:20:40 |
|
| 2025-03-03 21:20:32 |
|
