CVE-2024-45775

MEDIUM Year: 2024
CVSS v3 Score
5.2
Medium
Weakness Type
CWE-252
View all →

Vulnerability Description

A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.

Related Vulnerabilities

CVE-2018-14622

MEDIUM
CVSS:5.3(Medium)

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server...

CWE-2522018

CVE-2019-15523

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this func...

CWE-2522019

CVE-2020-4531

MEDIUM
CVSS:5.3(Medium)

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error m...

CWE-2522020

CVE-2021-41041

MEDIUM
CVSS:5.3(Medium)

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified ...

CWE-2522021

CVE-2021-4189

MEDIUM
CVSS:5.3(Medium)

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. T...

CWE-2522021

CVE-2021-42780

MEDIUM
CVSS:5.3(Medium)

A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.

CWE-2522021