Integer overflow in grub_squash_read_symlink triggered by a specially crafted squashfs filesystem containing a symlink inode with a name length of UINT32, which leads to a zero-sized allocation and subsequent heap buffer overflow with attacker controlled data. CREATE(Triage):(User=admin) CVE-2020-14309 (https://nvd.nist.gov/vuln/detail/CVE-2020-14309)