Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-3696

A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.

Published

2022-07-06T16:15:08.270

Last Modified

2024-11-21T06:22:10.657

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.4

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-787
  • Type: Primary
    CWE-787
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application gnu grub2 < 2.12 Yes
Application redhat developer_tools 1.0 Yes
Application redhat openshift 3.0 Yes
Operating System redhat enterprise_linux 8.0 Yes
Operating System redhat enterprise_linux 8.1 Yes
Operating System redhat enterprise_linux 8.4 Yes
Operating System redhat enterprise_linux 9.0 Yes
Operating System redhat enterprise_linux_eus 8.2 Yes
Operating System redhat enterprise_linux_eus 8.4 Yes
Operating System redhat enterprise_linux_eus 8.6 Yes
Operating System redhat enterprise_linux_eus 9.0 Yes
Operating System redhat enterprise_linux_for_power_little_endian 8.0 Yes
Operating System redhat enterprise_linux_for_power_little_endian 9.0 Yes
Operating System redhat enterprise_linux_for_power_little_endian_eus 8.2 Yes
Operating System redhat enterprise_linux_for_power_little_endian_eus 8.4 Yes
Operating System redhat enterprise_linux_for_power_little_endian_eus 8.6 Yes
Operating System redhat enterprise_linux_for_power_little_endian_eus 9.0 Yes
Operating System redhat enterprise_linux_server_aus 8.2 Yes
Operating System redhat enterprise_linux_server_aus 8.4 Yes
Operating System redhat enterprise_linux_server_aus 8.6 Yes
Operating System redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1 Yes
Operating System redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2 Yes
Operating System redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4 Yes
Operating System redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6 Yes
Operating System redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.0 Yes
Operating System redhat enterprise_linux_server_tus 8.2 Yes
Operating System redhat enterprise_linux_server_tus 8.4 Yes
Operating System redhat enterprise_linux_server_tus 8.6 Yes
Application redhat openshift_container_platform 4.6 Yes
Application redhat openshift_container_platform 4.9 Yes
Application redhat openshift_container_platform 4.10 Yes
Operating System redhat enterprise_linux 8.0 No
Application redhat codeready_linux_builder - Yes
Operating System redhat enterprise_linux 8.0 No
Operating System redhat enterprise_linux 9.0 No
Operating System redhat enterprise_linux_eus 8.2 No
Operating System redhat enterprise_linux_eus 8.4 No
Operating System redhat enterprise_linux_eus 8.6 No
Operating System redhat enterprise_linux_eus 9.0 No
Application netapp ontap_select_deploy_administration_utility - Yes
References