Vulnerability details: VCID-smxq-995q-rqca
Vulnerability ID VCID-smxq-995q-rqca
Aliases CVE-2024-45782
Summary A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may lead to a heap-based out-of-bounds write, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
System Score Found at
cvssv3 7.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45782.json
cvssv3.1 7.8 https://access.redhat.com/security/cve/CVE-2024-45782
ssvc Track https://access.redhat.com/security/cve/CVE-2024-45782
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2024-45782
epss 0.00016 https://api.first.org/data/v1/epss?cve=CVE-2024-45782
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2024-45782
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2024-45782
cvssv3.1 7.8 https://bugzilla.redhat.com/show_bug.cgi?id=2345858
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2345858
cvssv3.1 6.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2024-45782
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45782.json
https://api.first.org/data/v1/epss?cve=CVE-2024-45782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45782
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1098319 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319
2345858 https://bugzilla.redhat.com/show_bug.cgi?id=2345858
cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:/a:redhat:openshift:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
CVE-2024-45782 https://access.redhat.com/security/cve/CVE-2024-45782
CVE-2024-45782 https://nvd.nist.gov/vuln/detail/CVE-2024-45782
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45782.json
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/cve/CVE-2024-45782
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:16:37Z/ Found at https://access.redhat.com/security/cve/CVE-2024-45782
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2345858
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:16:37Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2345858
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-45782
Exploit Prediction Scoring System (EPSS)
Percentile 0.0117
EPSS Score 0.00014
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-11-22T05:59:54.089397+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 35.0.0