CVE-2015-8370 (retired)

Priority
Description
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically
proximate attackers to bypass authentication, obtain sensitive information,
or cause a denial of service (disk corruption) via backspace characters in
the (1) grub_username_get function in grub-core/normal/auth.c or the (2)
grub_password_get function in lib/crypto.c, which trigger an "Off-by-two"
or "Out of bounds overwrite" memory error.
Assigned-to
mdeslaur
Package
Source: grub2 (LP Ubuntu Debian)
Upstream:needed
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.02~beta2-33)
Patches:
Distro:https://bugzilla.redhat.com/attachment.cgi?id=1100986&action=diff
More Information

Updated: 2019-09-19 15:55:58 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)