FKIE_CVE-2021-3697

Vulnerability from fkie_nvd - Published: 2022-07-06 16:15 - Updated: 2024-11-21 06:22
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
References
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1991687Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://security.gentoo.org/glsa/202209-12Third Party Advisory
secalert@redhat.comhttps://security.netapp.com/advisory/ntap-20220930-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1991687Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202209-12Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220930-0001/Third Party Advisory
Impacted products
Vendor Product Version
gnu grub2 *
redhat developer_tools 1.0
redhat openshift 3.0
redhat enterprise_linux 8.0
redhat enterprise_linux 8.1
redhat enterprise_linux 8.4
redhat enterprise_linux 9.0
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 9.0
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_for_power_little_endian 9.0
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat enterprise_linux_for_power_little_endian_eus 8.6
redhat enterprise_linux_for_power_little_endian_eus 9.0
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.0
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_tus 8.6
redhat openshift_container_platform 4.6
redhat openshift_container_platform 4.9
redhat openshift_container_platform 4.10
redhat enterprise_linux 8.0
redhat codeready_linux_builder -
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 9.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B798FFCB-4972-436F-ADB4-8DA325089773",
              "versionEndExcluding": "2.12",
              "versionStartIncluding": "2.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60937D60-6B78-400F-8D30-7FCF328659A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C4B3B6-7452-49AF-8981-737FE929FF97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF30E57A-97EA-4A44-8404-6AE4F058B44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DAD1E4A-B22F-432C-97C8-D91D286535F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35EEDB95-DCD1-4FED-9BBB-877B2062410C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "983533DD-3970-4A37-9A9C-582BD48AA1E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "729C515E-1DD3-466D-A50B-AFE058FFC94A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "868A6ED7-44DD-44FF-8ADD-9971298A1175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "22D095ED-9247-4133-A133-73B7668565E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "492DF629-16B8-4882-822D-A6897B03DD30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B62E762-2878-455A-93C9-A5DB430D7BB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "81609549-25CE-4C8A-9DE3-170D23704208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "0595C9F8-9C7A-4FC1-B7EE-52978A1B1E93",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CD81C46-328B-412D-AF4E-68A2AD2F1A73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12."
    },
    {
      "lang": "es",
      "value": "Una imagen JPEG dise\u00f1ada puede conllevar que el lector de JPEG desborde su puntero de datos, permitiendo que los datos controlados por el usuario sean escritos en la pila. Para que sea realizado con \u00e9xito, el atacante necesita llevar a cabo un triaje sobre la disposici\u00f3n de la pila y llevar a cabo una imagen con un formato y carga \u00fatil maliciosos. Esta vulnerabilidad puede conllevar a una corrupci\u00f3n de datos y la eventual ejecuci\u00f3n de c\u00f3digo o la omisi\u00f3n del arranque seguro. Este fallo afecta a grub2 versiones anteriores a grub-2.12"
    }
  ],
  "id": "CVE-2021-3697",
  "lastModified": "2024-11-21T06:22:10.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-06T16:15:08.320",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991687"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-12"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220930-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220930-0001/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.