Home > Vulnerability Database > CVE-2021-3695

Mend.io Vulnerability Database

CVE-2021-3695

Date: July 6, 2022

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.

Language: C

Severity Score

4.5

Related Resources (8)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1991685

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3695

Url: https://access.redhat.com/security/cve/CVE-2021-3695

Url: https://security.netapp.com/advisory/ntap-20220930-0001/

Url: https://security.gentoo.org/glsa/202209-12

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-3695

Url: https://security-tracker.debian.org/tracker/CVE-2021-3695

Url: https://www.mend.io/vulnerability-database/CVE-2021-3695

Severity Score

4.5

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

CVSS v3.1

Base Score:	4.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	4.4
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-3695

Date: July 6, 2022

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?