{ "id": "CVE-2022-3775", "sourceIdentifier": "secalert@redhat.com", "published": "2022-12-19T20:15:11.427", "lastModified": "2024-11-21T07:20:13.247", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "When rendering certain Unicode sequences, grub2's font code doesn't properly validate whether the reported glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out." }, { "lang": "es", "value": "Al representar ciertas secuencias Unicode, el c\u00f3digo de fuente de grub2 no se valida correctamente si el ancho y alto del glifo informado est\u00e1n restringidos dentro del tama\u00f1o del mapa de bits. Como consecuencia, un atacante puede crear una entrada que provocar\u00e1 una escritura fuera de los l\u00edmites en el mont\u00f3n de grub2, lo que provocar\u00e1 da\u00f1os en la memoria y problemas de disponibilidad. Aunque es compleja, no se puede descartar la ejecuci\u00f3n de c\u00f3digo arbitrario."
} ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.2 } ] }, "weaknesses": [ { "source": "secalert@redhat.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-787" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.06", "matchCriteriaId": "7E48B3B4-3F7F-4169-ABC8-448AA351276E" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" } ] } ] } ], "references": [ { "url": "https://access.redhat.com/security/cve/cve-2022-3775", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://security.gentoo.org/glsa/202311-14", "source": "secalert@redhat.com" }, { "url": "https://access.redhat.com/security/cve/cve-2022-3775", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ] }, { "url": "https://security.gentoo.org/glsa/202311-14", "source": "af854a3a-2127-422b-91ae-364da2661108" } ] }