projects / grub2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a69ebe5) | patch
gettext: Integer overflow leads to heap OOB write
authorLidong Chen <lidong.chen@oracle.com>
Fri, 22 Nov 2024 06:27:57 +0000 (06:27 +0000)
committerMiao Wang <shankerwangmiao@gmail.com>
Sun, 15 Feb 2026 13:50:20 +0000 (13:50 +0000)
commit2b6e04b2655d7896fe2f9fe126dfa3b21c492d83
tree57f89a4e83ae8d4e70b434a4b0d66459513e9327tree | snapshot
parenta69ebe55bf36be2b3f2d5fb7be99e21eaadfce45commit | diff
gettext: Integer overflow leads to heap OOB write

The size calculation of the translation buffer in
grub_gettext_getstr_from_position() may overflow
to 0 leading to heap OOB write. This patch fixes
the issue by using grub_add() and checking for
an overflow.

Fixes: CVE-2024-45777
Reported-by: Nils Langius <nils@langius.de>
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
Gbp-Pq: Topic cve-2025-jan
Gbp-Pq: Name gettext-Integer-overflow-leads-to-heap-OOB-write.patch
grub-core/gettext/gettext.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.