Integer overflow in grub_squash_read_symlink triggered by a specially crafted squashfs filesystem containing a symlink inode with a name length of UINT32, which leads to a zero-sized allocation and subsequent heap buffer overflow with attacker controlled data. CREATE(Triage):(User=admin) [CVE-2020-14309|https://nvd.nist.gov/vuln/detail/CVE-2020-14309]
