How severe is CVE-2020-27749?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2020-27749?

This is classified as CWE-121, which is a common weakness in software security.

CVE-2020-27749

MEDIUM Year: 2020

CVSS v3 Score

6.7

Medium

CVSS v2 Score

7.2

High

Weakness Type

CWE-121

View all →

Vulnerability Description

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2021-21556

MEDIUM

CVSS:6.7(Medium)

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious us...

CWE-1212021

CVE-2022-23006

MEDIUM

CVSS:6.7(Medium)

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information...

CWE-1212022

CVE-2023-29182

MEDIUM

CVSS:6.7(Medium)

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker ...

CWE-1212023

CVE-2023-35012

MEDIUM

CVSS:6.7(Medium)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user w...

CWE-1212023

CVE-2023-4273

MEDIUM

CVSS:6.7(Medium)

A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries fr...

CWE-1212023

CVE-2023-52162

MEDIUM

CVSS:6.7(Medium)

Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build 221019) is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Exploiting the vulnerability...

CWE-1212023

CVE-2020-27749

Vulnerability Description

Related Vulnerabilities

CVE-2021-21556

CVE-2022-23006

CVE-2023-29182

CVE-2023-35012

CVE-2023-4273

CVE-2023-52162