CVE-2017-9763 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-9763 Interim 1 26 2025-11-05T03:57:27Z current 2021-05-30T13:57:34Z 2025-11-05T03:57:27Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-9763 The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2019-March/005250.html E-Mail link for SUSE-SU-2019:13989-1 https://lists.suse.com/pipermail/sle-updates/2021-March/018162.html E-Mail link for SUSE-SU-2021:14659-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Magnum Orchestration 7 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11 SP4-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP4 grub2 grub2-arm64-efi grub2-i386-pc grub2-powerpc-ieee1275 grub2-s390x-emu grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-efi-2.00-0.66.8.1 grub2-x86_64-efi-2.02-0.53.10.1 grub2-x86_64-efi-2.02-0.66.26.1 grub2-x86_64-xen grub2-x86_64-xen-2.00-0.66.8.1 grub2-x86_64-xen-2.02-0.53.10.1 grub2-x86_64-xen-2.02-0.66.26.1 grub2-x86_64-efi-2.02-0.53.10.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA grub2-x86_64-xen-2.02-0.53.10.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA grub2-x86_64-efi-2.00-0.66.8.1 as a component of SUSE Linux Enterprise Server 11 SP4 grub2-x86_64-xen-2.00-0.66.8.1 as a component of SUSE Linux Enterprise Server 11 SP4 grub2-x86_64-efi-2.02-0.66.26.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS grub2-x86_64-xen-2.02-0.66.26.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS grub2-x86_64-efi-2.00-0.66.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 grub2-x86_64-xen-2.00-0.66.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 grub2 as a component of Magnum Orchestration 7 grub2 as a component of SUSE Linux Enterprise Server 12 SP2 grub2-arm64-efi as a component of SUSE Linux Enterprise Server 12 SP2 grub2-i386-pc as a component of SUSE Linux Enterprise Server 12 SP2 grub2-powerpc-ieee1275 as a component of SUSE Linux Enterprise Server 12 SP2 grub2-s390x-emu as a component of SUSE Linux Enterprise Server 12 SP2 grub2-snapper-plugin as a component of SUSE Linux Enterprise Server 12 SP2 grub2-systemd-sleep-plugin as a component of SUSE Linux Enterprise Server 12 SP2 grub2-x86_64-efi as a component of SUSE Linux Enterprise Server 12 SP2 grub2-x86_64-xen as a component of SUSE Linux Enterprise Server 12 SP2 The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array. CVE-2017-9763 SUSE Linux Enterprise Server 11 SP3-TERADATA:grub2-x86_64-efi-2.02-0.53.10.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:grub2-x86_64-xen-2.02-0.53.10.1 SUSE Linux Enterprise Server 11 SP4:grub2-x86_64-efi-2.00-0.66.8.1 SUSE Linux Enterprise Server 11 SP4:grub2-x86_64-xen-2.00-0.66.8.1 SUSE Linux Enterprise Server 11 SP4-LTSS:grub2-x86_64-efi-2.02-0.66.26.1 SUSE Linux Enterprise Server 11 SP4-LTSS:grub2-x86_64-xen-2.02-0.66.26.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:grub2-x86_64-efi-2.00-0.66.8.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:grub2-x86_64-xen-2.00-0.66.8.1 Magnum Orchestration 7:grub2 SUSE Linux Enterprise Server 12 SP2:grub2 SUSE Linux Enterprise Server 12 SP2:grub2-arm64-efi SUSE Linux Enterprise Server 12 SP2:grub2-i386-pc SUSE Linux Enterprise Server 12 SP2:grub2-powerpc-ieee1275 SUSE Linux Enterprise Server 12 SP2:grub2-s390x-emu SUSE Linux Enterprise Server 12 SP2:grub2-snapper-plugin SUSE Linux Enterprise Server 12 SP2:grub2-systemd-sleep-plugin SUSE Linux Enterprise Server 12 SP2:grub2-x86_64-efi SUSE Linux Enterprise Server 12 SP2:grub2-x86_64-xen moderate 3.8 AV:L/AC:H/Au:S/C:N/I:N/A:C 4.1 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H