CVE-2022-3775
7.1
HIGH
CVSS 3.1
EPSS 0.09%
Description
When rendering certain Unicode sequences, grub2's font code does not properly validate that the supplied glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input that leads to an out-of-bounds write into grub2's heap, resulting in memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out.
How to fix CVE-2022-3775
To remediate CVE-2022-3775, upgrade the affected package to one of the fixed versions listed below.
- Upgrade to 2.06-3~deb11u4 or later
Is CVE-2022-3775 being exploited?
Low: the EPSS score is 0.1% (0.09% unrounded), meaning exploitation activity has not been observed at scale.
Affected packages (1)
- grub2: all versions >= 0 and < 2.06-3~deb11u4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.1) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |