cve/2021/CVE-2021-20225.md

### [CVE-2021-20225](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225)
![](https://img.shields.io/static/v1?label=Product&message=grub2&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=grub%202.06%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787&color=brightgreen)

### Description

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/EuroLinux/shim-review
- https://github.com/Fortinetofficial/shim-review
- https://github.com/Jurij-Ivastsuk/WAXAR-shim-review
- https://github.com/NaverCloudPlatform/shim-review
- https://github.com/Rodrigo-NR/shim-review
- https://github.com/amzdev0401/shim-review-backup
- https://github.com/baramundisoftware/ShimReview_2024
- https://github.com/bitraser/shim-review-15.4
- https://github.com/coreyvelan/shim-review
- https://github.com/ctrliq/ciq-shim-build
- https://github.com/ctrliq/shim-review
- https://github.com/jason-chang-atrust/shim-review
- https://github.com/jsegitz/shim-review-nonfork
- https://github.com/lenovo-lux/shim-review
- https://github.com/luojc123/shim-nsdl
- https://github.com/mwti/rescueshim
- https://github.com/neppe/shim-review
- https://github.com/neverware/shim-review
- https://github.com/ozun215/shim-review
- https://github.com/puzzleos/uefi-shim_review
- https://github.com/rhboot/shim-review
- https://github.com/synackcyber/BootHole_Fix
- https://github.com/vathpela/shim-review
- https://github.com/zeetim/shim-review