What is the severity of CVE-2024-45776?

CVE-2024-45776 has been classified as a high severity vulnerability due to the potential for out-of-bounds reads and writes.

How do I fix CVE-2024-45776?

To remediate CVE-2024-45776, update to the latest version of GRUB2 that includes the patch addressing this vulnerability.

What systems are affected by CVE-2024-45776?

CVE-2024-45776 affects systems using the GNU GRUB2 bootloader, particularly those processing crafted .mo files.

What vulnerabilities arise from CVE-2024-45776?

CVE-2024-45776 can lead to potential out-of-bounds reads and writes, allowing an attacker to exploit the buffer overflow.

When was CVE-2024-45776 reported?

CVE-2024-45776 was reported in 2024, highlighting a critical flaw in the buffer management of GRUB2.

Vulnerability/
CVE-2024-45776

medium

6.7

CWE

787 190

21/1/2025

18/2/2025

19/2/2025

CVE-2024-45776: Grub2: grub-core/gettext: integer overflow leads to heap oob write and read.

First published: Tue Jan 21 2025(Updated: )

When reading language .mo file in grub_mofile_open(), grub2 fails to verify to a integer overflow when allocating its internal buffer. A crafted .mo file may lead to the buffer size calculation to overflow leading to Out-of-bound reads and writes. An attacker may leverage this flaw to leak sensitive data or overwrite critical data possibly leading to the circumvention of secure boot protections.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
GRUB 2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-45776?
CVE-2024-45776 has been classified as a high severity vulnerability due to the potential for out-of-bounds reads and writes.
How do I fix CVE-2024-45776?
To remediate CVE-2024-45776, update to the latest version of GRUB2 that includes the patch addressing this vulnerability.
What systems are affected by CVE-2024-45776?
CVE-2024-45776 affects systems using the GNU GRUB2 bootloader, particularly those processing crafted .mo files.
What vulnerabilities arise from CVE-2024-45776?
CVE-2024-45776 can lead to potential out-of-bounds reads and writes, allowing an attacker to exploit the buffer overflow.
When was CVE-2024-45776 reported?
CVE-2024-45776 was reported in 2024, highlighting a critical flaw in the buffer management of GRUB2.

collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2024-45776
agent/references
agent/weakness
agent/title
agent/type
agent/description
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/last-modified-date
agent/severity
agent/author
agent/source
agent/tags
agent/trending
agent/event
vendor/gnu
canonical/grub 2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.