CVE-2021-3695
Last modified
CVE-2021-3695 is a medium-severity vulnerability rated 4.5/10 on the CVSS scale. A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. EPSS estimates a 0.44% chance of exploitation in the next 30 days.
Description
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.
Metrics
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Grub2 | >= 2.00, < 2.12 |
| Fedoraproject | Fedora | 36 |
| Redhat | Developer Tools | 1.0 |
| Redhat | Openshift | 3.0 |
| Redhat | Enterprise Linux | 8.0 |
| Redhat | Enterprise Linux | 8.1 |
| Redhat | Enterprise Linux | 8.4 |
| Redhat | Enterprise Linux | 9.0 |
| Redhat | Enterprise Linux Eus | 8.2 |
| Redhat | Enterprise Linux Eus | 8.4 |
| Redhat | Enterprise Linux Eus | 8.6 |
| Redhat | Enterprise Linux Eus | 9.0 |
| Redhat | Enterprise Linux For Power Little Endian | 8.0 |
| Redhat | Enterprise Linux For Power Little Endian | 9.0 |
| Redhat | Enterprise Linux For Power Little Endian Eus | 8.2 |
| Redhat | Enterprise Linux For Power Little Endian Eus | 8.4 |
| Redhat | Enterprise Linux For Power Little Endian Eus | 8.6 |
| Redhat | Enterprise Linux For Power Little Endian Eus | 9.0 |
| Redhat | Enterprise Linux Server Aus | 8.2 |
| Redhat | Enterprise Linux Server Aus | 8.4 |
| Redhat | Enterprise Linux Server Aus | 8.6 |
| Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 8.1 |
| Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 8.2 |
| Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 8.4 |
| Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 8.6 |
| Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 9.0 |
| Redhat | Enterprise Linux Server Tus | 8.2 |
| Redhat | Enterprise Linux Server Tus | 8.4 |
| Redhat | Enterprise Linux Server Tus | 8.6 |
| Redhat | Openshift Container Platform | 4.6 |
| Redhat | Openshift Container Platform | 4.9 |
| Redhat | Openshift Container Platform | 4.10 |
| Redhat | Codeready Linux Builder | All versions |
| Netapp | Ontap Select Deploy Administration Utility | All versions |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1991685Issue Tracking, Third Party Advisory
- https://security.gentoo.org/glsa/202209-12Third Party Advisory
- https://security.netapp.com/advisory/ntap-20220930-0001/Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1991685Issue Tracking, Third Party Advisory
- https://security.gentoo.org/glsa/202209-12Third Party Advisory
- https://security.netapp.com/advisory/ntap-20220930-0001/Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-3695?
How severe is CVE-2021-3695?
How do I fix CVE-2021-3695?
Are you affected by CVE-2021-3695?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST