Vulnerability Name: CVE-2017-9763 (CCN-127824)

Assigned: 2017-06-12
Published: 2017-06-12
Updated: 2017-07-05
Summary: The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array.
CVSS v3 Severity:
  7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
  6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
    Exploitability Metrics:
      Attack Vector (AV): Network
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): None
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): None
      Integrity (I): None
      Availability (A): High
  3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
  2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
    Exploitability Metrics:
      Attack Vector (AV): Local
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): Required
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): None
      Integrity (I): None
      Availability (A): Low
CVSS v2 Severity:
  5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): None
      Integrity (I): None
      Availability (A): Partial
  1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)
    Exploitability Metrics:
      Access Vector (AV): Local
      Access Complexity (AC): Low
      Authentication (Au): Single_Instance
    Impact Metrics:
      Confidentiality (C): None
      Integrity (I): None
      Availability (A): Partial
Vulnerability Type: CWE-119
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2017-9763

Source: CCN
Type: grub GIT Repository
grub-core/fs/ext2.c: Remove variable length arrays

Source: CONFIRM
Type: Patch, Third Party Advisory
http://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/fs/ext2.c?id=ac8cac1dac50daaf1c390d701cca3b55e16ee768

Source: BID
Type: Third Party Advisory, VDB Entry
99141

Source: CCN
Type: BID-99141
GNU GRUB CVE-2017-9763 Remote Denial Of Service Vulnerability

Source: XF
Type: UNKNOWN
gungrub-cve20179763-dos(127824)

Source: CCN
Type: radare2 GIT Repository
Fix #7723 - crash in ext2 GRUB code because of variable size array in

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/radare/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/radare/radare2/issues/7723

Source: CCN
Type: IBM Security Bulletin 1120209 (ToolsCenter Dynamic System Analysis (DSA) Preboot)
IBM ToolsCenter Dynamic System Analysis (DSA) Preboot is affected by multiple vulnerabilities.

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2017-9763

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:radare:radare2:1.5.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:gnu:grub:2013-11-12:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20179763 | V | CVE-2017-9763 | 2022-05-20
oval:org.opensuse.security:def:30291 | P | Security update for libsndfile (Important) | 2022-01-05
oval:org.opensuse.security:def:35279 | P | Security update for the Linux Kernel (Important) | 2021-12-02
oval:org.opensuse.security:def:30140 | P | Security update for qemu (Important) | 2021-10-28
oval:org.opensuse.security:def:34564 | P | Security update for MozillaFirefox (Important) | 2021-10-15
oval:org.opensuse.security:def:33726 | P | Security update for apache2 (Important) | 2021-10-06
oval:org.opensuse.security:def:31274 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-09-23
oval:org.opensuse.security:def:30247 | P | Security update for openssl (Low) | 2021-09-20
oval:org.opensuse.security:def:33968 | P | Security update for file (Important) | 2021-09-02
oval:org.opensuse.security:def:30228 | P | Security update for libsndfile (Critical) | 2021-08-05
oval:org.opensuse.security:def:31230 | P | Security update for linuxptp (Important) | 2021-07-21
oval:org.opensuse.security:def:34480 | P | Security update for python-py (Moderate) | 2021-07-02
oval:org.opensuse.security:def:31209 | P | Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important) | 2021-06-18
oval:org.opensuse.security:def:34468 | P | Security update for webkit2gtk3 (Important) | 2021-06-17
oval:org.opensuse.security:def:34469 | P | Security update for apache2 (Important) | 2021-06-17
oval:org.opensuse.security:def:30085 | P | Security update for gstreamer-plugins-bad (Important) | 2021-06-07
oval:org.opensuse.security:def:35252 | P | Security update for polkit (Important) | 2021-06-03
oval:org.opensuse.security:def:31170 | P | Security update for samba (Important) | 2021-05-04
oval:org.opensuse.security:def:30189 | P | Security update for samba (Important) | 2021-04-29
oval:org.opensuse.security:def:29487 | P | Security update for sudo (Important) | 2021-03-24
oval:org.opensuse.security:def:29486 | P | Security update for glib2 (Important) | 2021-03-16
oval:org.opensuse.security:def:41346 | P | Security update for grub2 (Important) | 2021-03-02
oval:org.opensuse.security:def:44672 | P | Security update for grub2 (Important) | 2021-03-02
oval:org.opensuse.security:def:45776 | P | Security update for grub2 (Important) | 2021-03-02
oval:org.opensuse.security:def:40242 | P | Security update for grub2 (Important) | 2021-03-02
oval:org.opensuse.security:def:34340 | P | Security update for MozillaFirefox (Critical) | 2020-12-21
oval:org.opensuse.security:def:33879 | P | Security update for openssl-1_0_0 (Important) | 2020-12-09
oval:org.opensuse.security:def:35961 | P | libopensc2-0.11.6-5.27.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:36002 | P | openslp-1.2.0-172.22.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35213 | P | Security update for libgcrypt | 2020-12-01
oval:org.opensuse.security:def:30910 | P | Security update for freetype2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31950 | P | Security update for grub2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33822 | P | Security update for glibc (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29498 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30458 | P | Security update for Mesa | 2020-12-01
oval:org.opensuse.security:def:31065 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:34978 | P | Security update for ghostscript-library (Moderate) | 2020-12-01
oval:org.opensuse.security:def:34700 | P | Security update for zypper | 2020-12-01
oval:org.opensuse.security:def:29570 | P | Security update for SuSEfirewall2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30459 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:31121 | P | Security update for krb5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35018 | P | Security update for grub2 (Important) | 2020-12-01
oval:org.opensuse.security:def:34799 | P | Security update for ansible (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35323 | P | Security update to ucode-intel (Important) | 2020-12-01
oval:org.opensuse.security:def:29702 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:30470 | P | Security update for PHP5 | 2020-12-01
oval:org.opensuse.security:def:33496 | P | Security update for libxml2 | 2020-12-01
oval:org.opensuse.security:def:34125 | P | Security update for netpbm (Moderate) | 2020-12-01
oval:org.opensuse.security:def:34856 | P | Security update for cifs-utils (Important) | 2020-12-01
oval:org.opensuse.security:def:29789 | P | Security update for gtk2 | 2020-12-01
oval:org.opensuse.security:def:30544 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:33497 | P | Security update for lvm2, lvm2-clvm, lvm2-clvm-debuginfo, lvm2-clvm-debugsource, lvm2-debuginfo, lvm2-debugsource | 2020-12-01
oval:org.opensuse.security:def:34183 | P | Security update for openswan | 2020-12-01
oval:org.opensuse.security:def:34946 | P | Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) | 2020-12-01
oval:org.opensuse.security:def:29846 | P | Security update for Linux kernel | 2020-12-01
oval:org.opensuse.security:def:30929 | P | Security update for ghostscript-library (Important) | 2020-12-01
oval:org.opensuse.security:def:30676 | P | Security update for ImageMagick (Low) | 2020-12-01
oval:org.opensuse.security:def:33508 | P | Security update for OpenSSL | 2020-12-01
oval:org.opensuse.security:def:34232 | P | Security update for php5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35105 | P | Security update for the Linux Kernel (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29932 | P | Security update for libgnomesu | 2020-12-01
oval:org.opensuse.security:def:30966 | P | Security update for grub2 (Important) | 2020-12-01
oval:org.opensuse.security:def:30766 | P | Security update for aspell (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33590 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:34271 | P | Security update for puppet (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35164 | P | Security update for krb5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30823 | P | Security update for cups (Important) | 2020-12-01
oval:org.opensuse.security:def:31912 | P | Security update for gcc43 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:34296 | P | Security update for python27 (Moderate) | 2020-12-01
oval:com.ubuntu.bionic:def:201797630000000 | V | CVE-2017-9763 on Ubuntu 18.04 LTS (bionic) - medium. | 2017-06-19
oval:com.ubuntu.artful:def:20179763000 | V | CVE-2017-9763 on Ubuntu 17.10 (artful) - medium. | 2017-06-19
oval:com.ubuntu.xenial:def:20179763000 | V | CVE-2017-9763 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-06-19
oval:com.ubuntu.xenial:def:201797630000000 | V | CVE-2017-9763 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-06-19
oval:com.ubuntu.bionic:def:20179763000 | V | CVE-2017-9763 on Ubuntu 18.04 LTS (bionic) - medium. | 2017-06-19
oval:com.ubuntu.disco:def:201797630000000 | V | CVE-2017-9763 on Ubuntu 19.04 (disco) - medium. | 2017-06-19
oval:com.ubuntu.cosmic:def:20179763000 | V | CVE-2017-9763 on Ubuntu 18.10 (cosmic) - medium. | 2017-06-19
oval:com.ubuntu.cosmic:def:201797630000000 | V | CVE-2017-9763 on Ubuntu 18.10 (cosmic) - medium. | 2017-06-19
oval:com.ubuntu.trusty:def:20179763000 | V | CVE-2017-9763 on Ubuntu 14.04 LTS (trusty) - medium. | 2017-06-19
    radare radare2 1.5.0
    gnu grub 2013-11-12