{
   "CVE_data_meta" : {
      "ASSIGNER" : "cve@mitre.org",
      "ID" : "CVE-2015-8370",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "n/a",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "n/a"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "n/a"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "n/a"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]",
            "refsource" : "BUGTRAQ",
            "url" : "http://www.securityfocus.com/archive/1/537115/100/0/threaded"
         },
         {
            "name" : "20151216 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]",
            "refsource" : "FULLDISC",
            "url" : "http://seclists.org/fulldisclosure/2015/Dec/69"
         },
         {
            "name" : "[oss-security] 20151215 Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]",
            "refsource" : "MLIST",
            "url" : "http://www.openwall.com/lists/oss-security/2015/12/15/6"
         },
         {
            "name" : "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html",
            "refsource" : "MISC",
            "url" : "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html"
         },
         {
            "name" : "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html",
            "refsource" : "MISC",
            "url" : "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html"
         },
         {
            "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
            "refsource" : "CONFIRM",
            "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
         },
         {
            "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
            "refsource" : "CONFIRM",
            "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
         },
         {
            "name" : "DSA-3421",
            "refsource" : "DEBIAN",
            "url" : "http://www.debian.org/security/2015/dsa-3421"
         },
         {
            "name" : "FEDORA-2015-cebe5133e7",
            "refsource" : "FEDORA",
            "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html"
         },
         {
            "name" : "FEDORA-2015-90c27b6e91",
            "refsource" : "FEDORA",
            "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html"
         },
         {
            "name" : "GLSA-201512-03",
            "refsource" : "GENTOO",
            "url" : "https://security.gentoo.org/glsa/201512-03"
         },
         {
            "name" : "RHSA-2015:2623",
            "refsource" : "REDHAT",
            "url" : "http://rhn.redhat.com/errata/RHSA-2015-2623.html"
         },
         {
            "name" : "SUSE-SU-2015:2385",
            "refsource" : "SUSE",
            "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html"
         },
         {
            "name" : "SUSE-SU-2015:2386",
            "refsource" : "SUSE",
            "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html"
         },
         {
            "name" : "SUSE-SU-2015:2387",
            "refsource" : "SUSE",
            "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html"
         },
         {
            "name" : "SUSE-SU-2015:2399",
            "refsource" : "SUSE",
            "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html"
         },
         {
            "name" : "openSUSE-SU-2015:2375",
            "refsource" : "SUSE",
            "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html"
         },
         {
            "name" : "openSUSE-SU-2015:2392",
            "refsource" : "SUSE",
            "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html"
         },
         {
            "name" : "openSUSE-SU-2016:0036",
            "refsource" : "SUSE",
            "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html"
         },
         {
            "name" : "USN-2836-1",
            "refsource" : "UBUNTU",
            "url" : "http://www.ubuntu.com/usn/USN-2836-1"
         },
         {
            "name" : "79358",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/79358"
         },
         {
            "name" : "1034422",
            "refsource" : "SECTRACK",
            "url" : "http://www.securitytracker.com/id/1034422"
         }
      ]
   }
}