{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "REJECTED", "cveId": "CVE-2021-3408", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2023-02-12T00:00:00.000Z", "dateRejected": "2023-02-12T00:00:00.000Z", "dateReserved": "2021-02-10T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-02-12T00:00:00.000Z"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}], "id": "CVE-2021-3408", "lastModified": "2023-11-07T03:37:59.247", "metrics": {}, "published": "2022-08-22T16:15:09.323", "references": [], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Rejected"}

{"bugzilla": {"description": "grub2: heap out-of-bound write due to mis-calculation of space required for quoting", "id": "1927436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927436"}, "csaw": false, "cvss3": {"cvss3_base_score": "0.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:N", "status": "draft"}, "cwe": "CWE-787", "details": ["[REJECTED CVE] The grub2 menu rendering code miscalculate the memory amount to hold single-quoted strings. This lead to a out-of-bounds write in grub2's heap by one byte per quote in the input. This results to a 'write-what-where' scenario which an attacker may leverage to compromise heap integrity and possibly code execution, leading to Secure Boot circumvention. To an attack being successful deployed, the attacker needs to have high privileges into the targeted system and also triage the heap layout to successfully deploy a crafted payload."], "name": "CVE-2021-3408", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "grub2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "grub2", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2021-03-02T18:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3408\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3408"], "statement": "This flaw was found to be a duplicate of CVE-2021-20233. Please see https://access.redhat.com/security/cve/CVE-2021-20233 for information about affected products and security errata."}

{}