{"id":"CVE-2021-20225","details":"A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","modified":"2026-04-16T00:05:55.603698681Z","published":"2021-03-03T17:15:11.973Z","related":["ALSA-2021:1734","SUSE-SU-2021:0679-1","SUSE-SU-2021:0681-1","SUSE-SU-2021:0682-1","SUSE-SU-2021:0683-1","SUSE-SU-2021:0684-1","SUSE-SU-2021:0685-1","SUSE-SU-2021:14659-1","openSUSE-SU-2021:0462-1","openSUSE-SU-2024:10824-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202104-05"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220325-0001/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924696"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2.06"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20225.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}