cve-2022-28733
Vulnerability from cvelistv5
Published
2023-07-20 00:20
Modified
2025-02-13 16:32
Summary
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.
Impacted products
Vendor Product Version
GNU Project GNU GRUB Version: 0   
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:03:52.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230825-0002/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-28733",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T19:49:29.972519Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-24T19:49:41.076Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "packageName": "grub2",
          "platforms": [
            "Linux"
          ],
          "product": "GNU GRUB",
          "repo": "https://git.savannah.gnu.org/cgit/grub.git",
          "vendor": "GNU Project",
          "versions": [
            {
              "lessThan": "2.06-3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Daniel Axtens"
        }
      ],
      "datePublic": "2022-06-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm-\u003etotal_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-25T22:06:12.648Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "mailing-list"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230825-0002/"
        }
      ],
      "title": "Integer underflow in grub_net_recv_ip4_packets"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2022-28733",
    "datePublished": "2023-07-20T00:20:02.458Z",
    "dateReserved": "2022-04-05T21:59:08.759Z",
    "dateUpdated": "2025-02-13T16:32:35.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-28733\",\"sourceIdentifier\":\"security@ubuntu.com\",\"published\":\"2023-07-20T01:15:10.140\",\"lastModified\":\"2024-11-21T06:57:49.677\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm-\u003etotal_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@ubuntu.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@ubuntu.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-191\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-191\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.00\",\"versionEndExcluding\":\"2.06-3\",\"matchCriteriaId\":\"F969F462-AB12-4158-BBA9-A9D828434F9F\"}]}]}],\"references\":[{\"url\":\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230825-0002/\",\"source\":\"security@ubuntu.com\"},{\"url\":\"https://www.openwall.com/lists/oss-security/2022/06/07/5\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230825-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.openwall.com/lists/oss-security/2022/06/07/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.openwall.com/lists/oss-security/2022/06/07/5\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733\", \"tags\": [\"issue-tracking\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230825-0002/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T06:03:52.571Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-28733\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-24T19:49:29.972519Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-24T19:49:36.727Z\"}}], \"cna\": {\"title\": \"Integer underflow in grub_net_recv_ip4_packets\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Daniel Axtens\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"repo\": \"https://git.savannah.gnu.org/cgit/grub.git\", \"vendor\": \"GNU Project\", \"product\": \"GNU GRUB\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.06-3\", \"versionType\": \"semver\"}], \"platforms\": [\"Linux\"], \"packageName\": \"grub2\"}], \"datePublic\": \"2022-06-13T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.openwall.com/lists/oss-security/2022/06/07/5\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230825-0002/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm-\u003etotal_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-191\", \"description\": \"CWE-191\"}]}], \"providerMetadata\": {\"orgId\": \"cc1ad9ee-3454-478d-9317-d3e869d708bc\", \"shortName\": \"canonical\", \"dateUpdated\": \"2023-08-25T22:06:12.648Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-28733\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T16:32:35.678Z\", \"dateReserved\": \"2022-04-05T21:59:08.759Z\", \"assignerOrgId\": \"cc1ad9ee-3454-478d-9317-d3e869d708bc\", \"datePublished\": \"2023-07-20T00:20:02.458Z\", \"assignerShortName\": \"canonical\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}