Buffer overflow in Gnu Grub2

CVE-2024-56737

GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.

Vulnerability class: Buffer Overflow

EPSS: 0.002 (42.2th percentile) — read the EPSS interpretation.

Affected products

Gnu Grub2 — versions 2.00

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

Public proof-of-concept exploits

yo-yo-yo-jbo/yo-yo-yo-jbo.github.io

References

savannah.gnu.org/bugs/

Frequently asked questions

What is CVE-2024-56737?: CVE-2024-56737 is a vulnerability in Gnu Grub2, classified under Heap-based Buffer Overflow. Published 2024-12-29.
Is CVE-2024-56737 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.