CVE-2022-3775
7.1
HIGH
CVSS 3.1
EPSS 0.09%
Description
When rendering certain Unicode sequences, grub2's font code does not properly validate that the supplied glyph's width and height fit within the destination bitmap. As a consequence, an attacker can craft an input whose glyph dimensions exceed the bitmap, leading to an out-of-bounds write into grub2's heap, memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out.
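The following is an added illustration of the bug class described above; it is not grub2's code and the names (struct glyph, struct bitmap, blit_unchecked, blit_checked, glyph_fits) are hypothetical. A glyph decoded from an untrusted font declares its own width and height, and the renderer copies width*height pixels into a heap bitmap that was allocated independently. The unchecked copy trusts the declared size and runs past the end of the allocation; the checked version validates the glyph against both the bitmap and the amount of pixel data actually present before touching memory.

```c
/*
 * Illustration of the CVE-2022-3775 bug class (heap out-of-bounds write via
 * unvalidated glyph dimensions). Hypothetical structures, not grub2's code.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical glyph record as decoded from an untrusted font file. */
struct glyph {
    uint16_t width;
    uint16_t height;
    size_t   pixels_len;     /* bytes of pixel data actually present in the font */
    const uint8_t *pixels;   /* row-major, 1 byte per pixel */
};

/* Hypothetical render target: a heap buffer of exactly width*height bytes. */
struct bitmap {
    uint16_t width;
    uint16_t height;
    uint8_t *data;
};

struct bitmap *bitmap_new(uint16_t w, uint16_t h)
{
    struct bitmap *bm = calloc(1, sizeof *bm);
    if (!bm) return NULL;
    bm->width = w;
    bm->height = h;
    bm->data = calloc((size_t)w * h, 1);
    if (!bm->data) { free(bm); return NULL; }
    return bm;
}

void bitmap_free(struct bitmap *bm)
{
    if (bm) { free(bm->data); free(bm); }
}

/* Pixel value at (x, y), or -1 if the coordinate is outside the bitmap. */
int bitmap_pixel(const struct bitmap *bm, unsigned x, unsigned y)
{
    if (x >= bm->width || y >= bm->height) return -1;
    return bm->data[(size_t)y * bm->width + x];
}

/* VULNERABLE PATTERN: the glyph's declared size is trusted. A glyph whose
 * height exceeds the bitmap's makes later rows write past bm->data, and a
 * width larger than pixels_len over-reads the font data. Shown for contrast
 * only; nothing below calls it. */
void blit_unchecked(struct bitmap *bm, const struct glyph *g, unsigned x, unsigned y)
{
    for (unsigned row = 0; row < g->height; row++)
        memcpy(bm->data + (size_t)(y + row) * bm->width + x,
               g->pixels + (size_t)row * g->width, g->width);
}

/* Returns 1 if drawing g at (x, y) stays inside bm and inside g's own pixel
 * data, 0 otherwise. Sums use 64-bit arithmetic so they cannot wrap. */
int glyph_fits(const struct bitmap *bm, const struct glyph *g, unsigned x, unsigned y)
{
    uint64_t x_end = (uint64_t)x + g->width;
    uint64_t y_end = (uint64_t)y + g->height;
    uint64_t need  = (uint64_t)g->width * g->height;
    return x_end <= bm->width && y_end <= bm->height && need <= g->pixels_len;
}

/* HARDENED: validate first and reject (rather than clamp) a malformed glyph so
 * the caller sees the bad font. Returns 0 on success, -1 if rejected. */
int blit_checked(struct bitmap *bm, const struct glyph *g, unsigned x, unsigned y)
{
    if (!glyph_fits(bm, g, x, y)) return -1;
    for (unsigned row = 0; row < g->height; row++)
        memcpy(bm->data + (size_t)(y + row) * bm->width + x,
               g->pixels + (size_t)row * g->width, g->width);
    return 0;
}

int main(void)
{
    static uint8_t px[8 * 8];                     /* constructed 8x8 glyph, all pixels set */
    memset(px, 0xAA, sizeof px);
    struct glyph ok  = { 8, 8, sizeof px, px };
    struct glyph bad = { 8, 300, sizeof px, px }; /* claims 300 rows, far more than it has */
    struct bitmap *bm = bitmap_new(16, 16);
    if (!bm) return 1;
    printf("8x8 glyph at (8,8):   %s\n", blit_checked(bm, &ok, 8, 8) == 0 ? "drawn" : "rejected");
    printf("8x300 glyph at (0,0): %s\n", blit_checked(bm, &bad, 0, 0) == 0 ? "drawn" : "rejected");
    bitmap_free(bm);
    return 0;
}
```

The check is deliberately placed before any memory access and rejects rather than clamps: clamping an oversized glyph silently would hide the malformed font, while rejecting it keeps the renderer's heap intact and makes the bad input observable.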
How to fix CVE-2022-3775
To fix CVE-2022-3775, upgrade the affected package to the patched version listed below.
- Upgrade to 2.06-3~deb11u4 or later
Is CVE-2022-3775 being exploited?
Low: EPSS is 0.09%, and no widespread exploitation activity has been observed.
Affected packages (1)
- from 0, < 2.06-3~deb11u4 (every version before the fixed release)
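Both the fix instruction above and the affected range (everything below 2.06-3~deb11u4) come down to one question: does the installed Debian version sort at or after 2.06-3~deb11u4? The `~` in that version matters, because in Debian ordering a tilde sorts before everything, including the end of the string, so 2.06-3~deb11u4 is older than a plain 2.06-3. The block below is an added example, not part of the advisory or of dpkg: it re-implements the Debian version ordering (epoch, then upstream version, then revision) and answers the same question as `dpkg --compare-versions "$installed" ge 2.06-3~deb11u4`. It assumes the installed version string is obtained separately, for example from `dpkg-query -W -f='${Version}' <package>`; the function names are hypothetical.

```c
/*
 * Added example: Debian version ordering used to decide whether an installed
 * version is at or after the fixed 2.06-3~deb11u4. Not dpkg's code.
 */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_VERSION "2.06-3~deb11u4"   /* patched version named in the advisory */

/* Character at p, or 0 once p has reached the end of its fragment. */
static int at(const char *p, const char *end)
{
    return p < end ? (unsigned char)*p : 0;
}

/* Sort weight of a non-digit character per the Debian Policy rules for the
 * Version field: '~' < end of string < letters < all other characters. */
static int char_order(int c)
{
    if (c == '~') return -1;
    if (c == 0 || isdigit(c)) return 0;
    if (isalpha(c)) return c;
    return c + 256;
}

/* Compare one fragment (upstream or revision) over [a, ae) and [b, be):
 * alternate between a run of non-digits compared by char_order and a run of
 * digits compared numerically with leading zeros ignored. */
static int frag_cmp(const char *a, const char *ae, const char *b, const char *be)
{
    while (a < ae || b < be) {
        int first_diff = 0;

        while ((a < ae && !isdigit(at(a, ae))) || (b < be && !isdigit(at(b, be)))) {
            int d = char_order(at(a, ae)) - char_order(at(b, be));
            if (d) return d;
            a++;
            b++;
        }
        while (at(a, ae) == '0') a++;
        while (at(b, be) == '0') b++;
        while (isdigit(at(a, ae)) && isdigit(at(b, be))) {
            if (!first_diff) first_diff = at(a, ae) - at(b, be);
            a++;
            b++;
        }
        if (isdigit(at(a, ae))) return 1;    /* the longer digit run is larger */
        if (isdigit(at(b, be))) return -1;
        if (first_diff) return first_diff;
    }
    return 0;
}

/* Returns -1, 0 or 1 as a is older than, equal to or newer than b. */
int deb_version_cmp(const char *a, const char *b)
{
    long ea = 0, eb = 0;
    const char *c;

    /* epoch: digits before the first ':', default 0 */
    if ((c = strchr(a, ':'))) { ea = strtol(a, NULL, 10); a = c + 1; }
    if ((c = strchr(b, ':'))) { eb = strtol(b, NULL, 10); b = c + 1; }
    if (ea != eb) return ea < eb ? -1 : 1;

    /* the last '-' separates upstream version from Debian revision */
    const char *ae = a + strlen(a), *be = b + strlen(b);
    const char *da = strrchr(a, '-'), *db = strrchr(b, '-');
    int r = frag_cmp(a, da ? da : ae, b, db ? db : be);
    if (!r)
        r = frag_cmp(da ? da + 1 : ae, ae, db ? db + 1 : be, be);
    return (r > 0) - (r < 0);
}

/* 1 when the installed version is at or after the fixed one, else 0. */
int version_is_fixed(const char *installed)
{
    return deb_version_cmp(installed, FIXED_VERSION) >= 0;
}

int main(int argc, char **argv)
{
    /* Without an argument, use a constructed installed version for demonstration. */
    const char *installed = argc > 1 ? argv[1] : "2.06-3~deb11u3";
    printf("%s vs %s: %s\n", installed, FIXED_VERSION,
           version_is_fixed(installed) ? "fixed" : "vulnerable");
    return 0;
}
```

Note the two cases a naive string comparison gets wrong: 2.06-3~deb11u10 is newer than 2.06-3~deb11u4 (the digit run is compared numerically), and 2.06-3 without a suffix is newer than 2.06-3~deb11u4 (the tilde rule), so a host carrying the plain 2.06-3 revision is already past the fixed version by Debian ordering.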
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.1) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |