cvedb.io
CVE-2024-45780
MEDIUM · CVSS 6.7
EPSS exploitation probability: 0%
Published 2025-03-03T15:15:14.950 · Last modified 2026-06-29T23:16:41.443

Summary

A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name, but it fails to check the computed allocation length for integer overflow. A crafted tar file can cause the allocation length to overflow, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent Secure Boot protections.

Affected products

gnu — grub2


References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.