{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-28733", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2022-04-05T21:59:08.759Z", "datePublished": "2023-07-20T00:20:02.458Z", "dateUpdated": "2025-02-13T16:32:35.678Z"}, "containers": {"cna": {"affected": [{"packageName": "grub2", "product": "GNU GRUB", "vendor": "GNU Project", "repo": "https://git.savannah.gnu.org/cgit/grub.git", "platforms": ["Linux"], "versions": [{"lessThan": "2.06-3", "status": "affected", "version": "0", "versionType": "semver"}]}], "title": "Integer underflow in grub_net_recv_ip4_packets", "descriptions": [{"lang": "en", "value": "Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer."}], "datePublic": "2022-06-13T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-191", "description": "CWE-191", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["mailing-list"], "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5"}, {"tags": ["issue-tracking"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733"}, {"url": "https://security.netapp.com/advisory/ntap-20230825-0002/"}], "credits": [{"lang": "en", "type": "finder", "value": "Daniel Axtens"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2023-08-25T22:06:12.648Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:03:52.571Z"}, "title": "CVE Program Container", "references": [{"tags": ["mailing-list", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733"}, {"url": "https://security.netapp.com/advisory/ntap-20230825-0002/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-24T19:49:29.972519Z", "id": "CVE-2022-28733", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-24T19:49:41.076Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.openwall.com/lists/oss-security/2022/06/07/5", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230825-0002/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:03:52.571Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-28733", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-24T19:49:29.972519Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-24T19:49:36.727Z"}}], "cna": {"title": "Integer underflow in grub_net_recv_ip4_packets", "credits": [{"lang": "en", "type": "finder", "value": "Daniel Axtens"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"repo": "https://git.savannah.gnu.org/cgit/grub.git", "vendor": "GNU Project", "product": "GNU GRUB", "versions": [{"status": "affected", "version": "0", "lessThan": "2.06-3", "versionType": "semver"}], "platforms": ["Linux"], "packageName": "grub2"}], "datePublic": "2022-06-13T00:00:00.000Z", "references": [{"url": "https://www.openwall.com/lists/oss-security/2022/06/07/5", "tags": ["mailing-list"]}, {"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733", "tags": ["issue-tracking"]}, {"url": "https://security.netapp.com/advisory/ntap-20230825-0002/"}], "descriptions": [{"lang": "en", "value": "Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-191", "description": "CWE-191"}]}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2023-08-25T22:06:12.648Z"}}}, "cveMetadata": {"cveId": "CVE-2022-28733", "state": "PUBLISHED", "dateUpdated": "2025-02-13T16:32:35.678Z", "dateReserved": "2022-04-05T21:59:08.759Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2023-07-20T00:20:02.458Z", "assignerShortName": "canonical"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*", "matchCriteriaId": "F969F462-AB12-4158-BBA9-A9D828434F9F", "versionEndExcluding": "2.06-3", "versionStartIncluding": "2.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer."}], "id": "CVE-2022-28733", "lastModified": "2024-11-21T06:57:49.677", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security@ubuntu.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-20T01:15:10.140", "references": [{"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733"}, {"source": "security@ubuntu.com", "url": "https://security.netapp.com/advisory/ntap-20230825-0002/"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230825-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-191"}], "source": "security@ubuntu.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-191"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:8900", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "grub2-1:2.02-0.87.el7_9.11", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-12-08T00:00:00Z"}, {"advisory": "RHSA-2022:5095", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "grub2-1:2.02-123.el8_6.8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-06-16T00:00:00Z"}, {"advisory": "RHSA-2022:5098", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "grub2-1:2.02-87.el8_1.10", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-06-16T00:00:00Z"}, {"advisory": "RHSA-2022:5100", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "grub2-1:2.02-87.el8_2.10", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-06-16T00:00:00Z"}, {"advisory": "RHSA-2022:5096", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "grub2-1:2.02-99.el8_4.9", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-06-16T00:00:00Z"}, {"advisory": "RHSA-2022:5099", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "grub2-1:2.06-27.el9_0.7", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-06-16T00:00:00Z"}, {"advisory": "RHSA-2022:5678", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "redhat-virtualization-host-0:4.5.1-202207170705_8.6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2022-07-21T00:00:00Z"}], "bugzilla": {"description": "grub2: Integer underflow in grub_net_recv_ip4_packets", "id": "2083339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083339"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-191", "details": ["Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.", "A flaw was found in grub2 when handling IPv4 packets. This flaw allows an attacker to craft a malicious packet, triggering an integer underflow in grub code. Consequently, the memory allocation for handling the packet data may be smaller than the size needed. This issue causes an out-of-bands write during packet handling, compromising data integrity, confidentiality issues, a denial of service, and remote code execution."], "name": "CVE-2022-28733", "public_date": "2022-06-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-28733\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-28733"], "threat_severity": "Important"}