CVE-2022-28733

Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733	Third Party Advisory
https://security.netapp.com/advisory/ntap-20230825-0002/
https://www.openwall.com/lists/oss-security/2022/06/07/5	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*

History

25 Aug 2023, 23:15

Type	Values Removed	Values Added
References		(MISC) https://security.netapp.com/advisory/ntap-20230825-0002/ -

28 Jul 2023, 14:56

Type	Values Removed	Values Added
First Time		Gnu Gnu grub2
References	~~(MISC) https://www.openwall.com/lists/oss-security/2022/06/07/5 -~~	(MISC) https://www.openwall.com/lists/oss-security/2022/06/07/5 - Mailing List, Third Party Advisory
References	~~(MISC) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733 -~~	(MISC) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733 - Third Party Advisory
CWE		CWE-191
CPE		cpe:2.3:a:gnu:grub2::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.1

20 Jul 2023, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-07-20 01:15

Updated : 2024-02-28 20:33

NVD link : CVE-2022-28733

Mitre link : CVE-2022-28733

CVE.ORG link : CVE-2022-28733

JSON object : View

Products Affected

gnu

grub2

CWE

CWE-191

Integer Underflow (Wrap or Wraparound)

{"id": "CVE-2022-28733", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "security@ubuntu.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2023-07-20T01:15:10.140", "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733", "tags": ["Third Party Advisory"], "source": "security@ubuntu.com"}, {"url": "https://security.netapp.com/advisory/ntap-20230825-0002/", "source": "security@ubuntu.com"}, {"url": "https://www.openwall.com/lists/oss-security/2022/06/07/5", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@ubuntu.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-191"}]}, {"type": "Secondary", "source": "security@ubuntu.com", "description": [{"lang": "en", "value": "CWE-191"}]}], "descriptions": [{"lang": "en", "value": "Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer."}], "lastModified": "2023-08-25T23:15:08.893", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F969F462-AB12-4158-BBA9-A9D828434F9F", "versionEndExcluding": "2.06-3", "versionStartIncluding": "2.00"}], "operator": "OR"}]}], "sourceIdentifier": "security@ubuntu.com"}