{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T13:53:40.413","vulnerabilities":[{"cve":{"id":"CVE-2024-45780","sourceIdentifier":"secalert@redhat.com","published":"2025-03-03T15:15:14.950","lastModified":"2025-03-07T22:14:56.617","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections."},{"lang":"es","value":"Se encontró una falla en grub2. Al leer archivos tar, grub2 asigna un búfer interno para el nombre del archivo. Sin embargo, no verifica correctamente la asignación contra posibles desbordamientos de números enteros. Es posible provocar que la longitud de la asignación se desborde con un archivo tar manipulado, lo que lleva a una escritura fuera de los límites en el montón. Esta falla finalmente permite a un atacante eludir las protecciones de arranque seguro."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*","versionEndIncluding":"2.12","matchCriteriaId":"6ECC2401-511C-4A2E-878F-C7053FA3ABB1"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2024-45780","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345856","source":"secalert@redhat.com","tags":["Issue Tracking"]},{"url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html","source":"secalert@redhat.com","tags":["Mailing List"]}]}}]}