CVE-2024-56737

GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://savannah.gnu.org/bugs/?66599	Third Party Advisory Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*

History

24 Jun 2025, 00:30

Type	Values Removed	Values Added
First Time		Gnu grub2 Gnu
References	~~() https://savannah.gnu.org/bugs/?66599 -~~	() https://savannah.gnu.org/bugs/?66599 - Third Party Advisory, Issue Tracking
First Time		Gnu grub2 Gnu
CPE		cpe:2.3:a:gnu:grub2::::::::
References	~~() https://savannah.gnu.org/bugs/?66599 -~~	() https://savannah.gnu.org/bugs/?66599 - Third Party Advisory, Issue Tracking
CPE		cpe:2.3:a:gnu:grub2::::::::

31 Dec 2024, 19:15

Type	Values Removed	Values Added
CPE	cpe:2.3:a:gnu:grub2::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
References	~~() https://savannah.gnu.org/bugs/?66599 - Third Party Advisory, Issue Tracking~~	() https://savannah.gnu.org/bugs/?66599 -
Summary		(es) GNU GRUB (también conocido como GRUB2) hasta la versión 2.12 tiene un desbordamiento de búfer basado en montón en fs/hfs.c a través de datos sblock creados en un sistema de archivos HFS.

29 Dec 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-29 07:15

Updated : 2025-06-24 00:30

NVD link : CVE-2024-56737

Mitre link : CVE-2024-56737

CVE.ORG link : CVE-2024-56737

JSON object : View

Products Affected

gnu

grub2

CWE

CWE-122

Heap-based Buffer Overflow

8.8 /10