ELSA-2015-2623 -- Oracle grub2ID: oval:org.secpod.oval:def:1501281 | Date: (C)2016-02-26 (M)2024-01-23 |
Class: PATCH | Family: unix |
Multiple integer underflows in Grub2 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.