Vulnerabilites related to redhat - shim
cve-2023-40546
Vulnerability from cvelistv5
Published
2024-01-29 16:29
Modified
2024-11-24 14:18
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.
References
https://access.redhat.com/errata/RHSA-2024:1834vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1835vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1873vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1876vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1883vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1902vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1903vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1959vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2086vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-40546vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2241796issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 7 Unaffected: 0:15.8-3.el7   < *
    cpe:/o:redhat:enterprise_linux:7::server
    cpe:/o:redhat:enterprise_linux:7::workstation
    cpe:/o:redhat:enterprise_linux:7::client
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 7 Unaffected: 0:15.8-1.el7   < *
    cpe:/o:redhat:enterprise_linux:7::server
    cpe:/o:redhat:enterprise_linux:7::workstation
    cpe:/o:redhat:enterprise_linux:7::client
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:15.8-4.el8_9   < *
    cpe:/o:redhat:enterprise_linux:8::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:15.8-2.el8_2   < *
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
    cpe:/o:redhat:rhel_aus:8.2::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service Unaffected: 0:15.8-2.el8_2   < *
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
    cpe:/o:redhat:rhel_aus:8.2::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Unaffected: 0:15.8-2.el8_2   < *
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
    cpe:/o:redhat:rhel_aus:8.2::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:15.8-2.el8_4   < *
    cpe:/o:redhat:rhel_e4s:8.4::baseos
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_aus:8.4::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:15.8-2.el8_4   < *
    cpe:/o:redhat:rhel_e4s:8.4::baseos
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_aus:8.4::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:15.8-2.el8_4   < *
    cpe:/o:redhat:rhel_e4s:8.4::baseos
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_aus:8.4::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:15.8-2.el8_6   < *
    cpe:/o:redhat:rhel_eus:8.6::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:15.8-2.el8   < *
    cpe:/a:redhat:rhel_eus:8.8::crb
    cpe:/o:redhat:rhel_eus:8.8::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:15.8-2.el8   < *
    cpe:/a:redhat:rhel_eus:8.8::crb
    cpe:/o:redhat:rhel_eus:8.8::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:15.8-4.el9_3   < *
    cpe:/o:redhat:enterprise_linux:9::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:15.8-3.el9   < *
    cpe:/o:redhat:rhel_eus:9.0::baseos
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/a:redhat:rhel_eus:9.0::appstream
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:15.8-2.el9   < *
    cpe:/o:redhat:rhel_eus:9.0::baseos
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/a:redhat:rhel_eus:9.0::appstream
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:15.8-2.el9   < *
    cpe:/o:redhat:rhel_eus:9.0::baseos
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/a:redhat:rhel_eus:9.0::appstream
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:15.8-3.el9_2   < *
    cpe:/o:redhat:rhel_eus:9.2::baseos
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:38:50.549Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:1834",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1834"
          },
          {
            "name": "RHSA-2024:1835",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1835"
          },
          {
            "name": "RHSA-2024:1873",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1873"
          },
          {
            "name": "RHSA-2024:1876",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1876"
          },
          {
            "name": "RHSA-2024:1883",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1883"
          },
          {
            "name": "RHSA-2024:1902",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1902"
          },
          {
            "name": "RHSA-2024:1903",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1903"
          },
          {
            "name": "RHSA-2024:1959",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1959"
          },
          {
            "name": "RHSA-2024:2086",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2086"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-40546"
          },
          {
            "name": "RHBZ#2241796",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241796"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::server",
            "cpe:/o:redhat:enterprise_linux:7::workstation",
            "cpe:/o:redhat:enterprise_linux:7::client"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-3.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::server",
            "cpe:/o:redhat:enterprise_linux:7::workstation",
            "cpe:/o:redhat:enterprise_linux:7::client"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-signed",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-1.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-4.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::crb",
            "cpe:/o:redhat:rhel_eus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::crb",
            "cpe:/o:redhat:rhel_eus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-unsigned-x64",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-4.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.0::baseos",
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/a:redhat:rhel_eus:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-3.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.0::baseos",
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/a:redhat:rhel_eus:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-unsigned-aarch64",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.0::baseos",
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/a:redhat:rhel_eus:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-unsigned-x64",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-3.el9_2",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2024-01-23T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn\u0027t match the format string used by it, leading to a crash under certain circumstances."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-24T14:18:46.173Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:1834",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1834"
        },
        {
          "name": "RHSA-2024:1835",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1835"
        },
        {
          "name": "RHSA-2024:1873",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1873"
        },
        {
          "name": "RHSA-2024:1876",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1876"
        },
        {
          "name": "RHSA-2024:1883",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1883"
        },
        {
          "name": "RHSA-2024:1902",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1902"
        },
        {
          "name": "RHSA-2024:1903",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1903"
        },
        {
          "name": "RHSA-2024:1959",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1959"
        },
        {
          "name": "RHSA-2024:2086",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2086"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-40546"
        },
        {
          "name": "RHBZ#2241796",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241796"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-10-02T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-01-23T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Shim: out-of-bounds read printing error messages",
      "workarounds": [
        {
          "lang": "en",
          "value": "There\u0027s no available mitigation for this issue."
        }
      ],
      "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-40546",
    "datePublished": "2024-01-29T16:29:26.258Z",
    "dateReserved": "2023-08-15T20:04:15.615Z",
    "dateUpdated": "2024-11-24T14:18:46.173Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-40547
Vulnerability from cvelistv5
Published
2024-01-25 15:54
Modified
2024-11-24 14:19
Severity ?
8.3 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
References
https://access.redhat.com/errata/RHSA-2024:1834vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1835vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1873vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1876vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1883vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1902vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1903vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1959vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2086vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-40547vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2234589issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 7 Unaffected: 0:15.8-3.el7   < *
    cpe:/o:redhat:enterprise_linux:7::client
    cpe:/o:redhat:enterprise_linux:7::server
    cpe:/o:redhat:enterprise_linux:7::workstation
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 7 Unaffected: 0:15.8-1.el7   < *
    cpe:/o:redhat:enterprise_linux:7::client
    cpe:/o:redhat:enterprise_linux:7::server
    cpe:/o:redhat:enterprise_linux:7::workstation
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:15.8-4.el8_9   < *
    cpe:/o:redhat:enterprise_linux:8::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:15.8-2.el8_2   < *
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
    cpe:/o:redhat:rhel_aus:8.2::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service Unaffected: 0:15.8-2.el8_2   < *
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
    cpe:/o:redhat:rhel_aus:8.2::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Unaffected: 0:15.8-2.el8_2   < *
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
    cpe:/o:redhat:rhel_aus:8.2::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:15.8-2.el8_4   < *
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_aus:8.4::baseos
    cpe:/o:redhat:rhel_e4s:8.4::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:15.8-2.el8_4   < *
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_aus:8.4::baseos
    cpe:/o:redhat:rhel_e4s:8.4::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:15.8-2.el8_4   < *
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_aus:8.4::baseos
    cpe:/o:redhat:rhel_e4s:8.4::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:15.8-2.el8_6   < *
    cpe:/o:redhat:rhel_eus:8.6::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:15.8-2.el8   < *
    cpe:/a:redhat:rhel_eus:8.8::crb
    cpe:/o:redhat:rhel_eus:8.8::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:15.8-2.el8   < *
    cpe:/a:redhat:rhel_eus:8.8::crb
    cpe:/o:redhat:rhel_eus:8.8::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:15.8-4.el9_3   < *
    cpe:/o:redhat:enterprise_linux:9::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:15.8-3.el9   < *
    cpe:/a:redhat:rhel_eus:9.0::appstream
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/o:redhat:rhel_eus:9.0::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:15.8-2.el9   < *
    cpe:/a:redhat:rhel_eus:9.0::appstream
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/o:redhat:rhel_eus:9.0::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:15.8-2.el9   < *
    cpe:/a:redhat:rhel_eus:9.0::appstream
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/o:redhat:rhel_eus:9.0::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:15.8-3.el9_2   < *
    cpe:/o:redhat:rhel_eus:9.2::baseos
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:38:50.942Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/26/1"
          },
          {
            "name": "RHSA-2024:1834",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1834"
          },
          {
            "name": "RHSA-2024:1835",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1835"
          },
          {
            "name": "RHSA-2024:1873",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1873"
          },
          {
            "name": "RHSA-2024:1876",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1876"
          },
          {
            "name": "RHSA-2024:1883",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1883"
          },
          {
            "name": "RHSA-2024:1902",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1902"
          },
          {
            "name": "RHSA-2024:1903",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1903"
          },
          {
            "name": "RHSA-2024:1959",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1959"
          },
          {
            "name": "RHSA-2024:2086",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2086"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-40547"
          },
          {
            "name": "RHBZ#2234589",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234589"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::client",
            "cpe:/o:redhat:enterprise_linux:7::server",
            "cpe:/o:redhat:enterprise_linux:7::workstation"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-3.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::client",
            "cpe:/o:redhat:enterprise_linux:7::server",
            "cpe:/o:redhat:enterprise_linux:7::workstation"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-signed",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-1.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-4.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::crb",
            "cpe:/o:redhat:rhel_eus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::crb",
            "cpe:/o:redhat:rhel_eus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-unsigned-x64",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-4.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::appstream",
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/o:redhat:rhel_eus:9.0::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-3.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::appstream",
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/o:redhat:rhel_eus:9.0::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-unsigned-aarch64",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::appstream",
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/o:redhat:rhel_eus:9.0::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-unsigned-x64",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-3.el9_2",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Bill Demirkapi (Microsoft Security Response Center) for reporting this issue."
        }
      ],
      "datePublic": "2024-01-23T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-24T14:19:00.724Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:1834",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1834"
        },
        {
          "name": "RHSA-2024:1835",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1835"
        },
        {
          "name": "RHSA-2024:1873",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1873"
        },
        {
          "name": "RHSA-2024:1876",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1876"
        },
        {
          "name": "RHSA-2024:1883",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1883"
        },
        {
          "name": "RHSA-2024:1902",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1902"
        },
        {
          "name": "RHSA-2024:1903",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1903"
        },
        {
          "name": "RHSA-2024:1959",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1959"
        },
        {
          "name": "RHSA-2024:2086",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2086"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-40547"
        },
        {
          "name": "RHBZ#2234589",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234589"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-05-05T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-01-23T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Shim: rce in http boot support may lead to secure boot bypass",
      "workarounds": [
        {
          "lang": "en",
          "value": "If a system isn\u2019t required to boot from the network, configure the server\u2019s boot order to disable entirely or skip the network boot."
        }
      ],
      "x_redhatCweChain": "CWE-346-\u003eCWE-787: Origin Validation Error leads to Out-of-bounds Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-40547",
    "datePublished": "2024-01-25T15:54:23.102Z",
    "dateReserved": "2023-08-15T20:04:15.615Z",
    "dateUpdated": "2024-11-24T14:19:00.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-40551
Vulnerability from cvelistv5
Published
2024-01-29 16:46
Modified
2024-11-24 14:19
Severity ?
5.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
Summary
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.
References
https://access.redhat.com/errata/RHSA-2024:1834vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1835vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1873vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1876vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1883vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1902vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1903vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1959vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2086vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-40551vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2259918issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 7 Unaffected: 0:15.8-3.el7   < *
    cpe:/o:redhat:enterprise_linux:7::workstation
    cpe:/o:redhat:enterprise_linux:7::client
    cpe:/o:redhat:enterprise_linux:7::server
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 7 Unaffected: 0:15.8-1.el7   < *
    cpe:/o:redhat:enterprise_linux:7::workstation
    cpe:/o:redhat:enterprise_linux:7::client
    cpe:/o:redhat:enterprise_linux:7::server
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:15.8-4.el8_9   < *
    cpe:/o:redhat:enterprise_linux:8::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:15.8-2.el8_2   < *
    cpe:/o:redhat:rhel_aus:8.2::baseos
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service Unaffected: 0:15.8-2.el8_2   < *
    cpe:/o:redhat:rhel_aus:8.2::baseos
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Unaffected: 0:15.8-2.el8_2   < *
    cpe:/o:redhat:rhel_aus:8.2::baseos
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:15.8-2.el8_4   < *
    cpe:/o:redhat:rhel_aus:8.4::baseos
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_e4s:8.4::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:15.8-2.el8_4   < *
    cpe:/o:redhat:rhel_aus:8.4::baseos
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_e4s:8.4::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:15.8-2.el8_4   < *
    cpe:/o:redhat:rhel_aus:8.4::baseos
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_e4s:8.4::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:15.8-2.el8_6   < *
    cpe:/o:redhat:rhel_eus:8.6::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:15.8-2.el8   < *
    cpe:/o:redhat:rhel_eus:8.8::baseos
    cpe:/a:redhat:rhel_eus:8.8::crb
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:15.8-2.el8   < *
    cpe:/o:redhat:rhel_eus:8.8::baseos
    cpe:/a:redhat:rhel_eus:8.8::crb
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:15.8-4.el9_3   < *
    cpe:/o:redhat:enterprise_linux:9::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:15.8-3.el9   < *
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/o:redhat:rhel_eus:9.0::baseos
    cpe:/a:redhat:rhel_eus:9.0::appstream
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:15.8-2.el9   < *
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/o:redhat:rhel_eus:9.0::baseos
    cpe:/a:redhat:rhel_eus:9.0::appstream
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:15.8-2.el9   < *
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/o:redhat:rhel_eus:9.0::baseos
    cpe:/a:redhat:rhel_eus:9.0::appstream
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:15.8-3.el9_2   < *
    cpe:/o:redhat:rhel_eus:9.2::baseos
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-40551",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-25T16:31:11.138934Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:19:12.747Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:38:50.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:1834",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1834"
          },
          {
            "name": "RHSA-2024:1835",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1835"
          },
          {
            "name": "RHSA-2024:1873",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1873"
          },
          {
            "name": "RHSA-2024:1876",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1876"
          },
          {
            "name": "RHSA-2024:1883",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1883"
          },
          {
            "name": "RHSA-2024:1902",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1902"
          },
          {
            "name": "RHSA-2024:1903",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1903"
          },
          {
            "name": "RHSA-2024:1959",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1959"
          },
          {
            "name": "RHSA-2024:2086",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2086"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-40551"
          },
          {
            "name": "RHBZ#2259918",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259918"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::workstation",
            "cpe:/o:redhat:enterprise_linux:7::client",
            "cpe:/o:redhat:enterprise_linux:7::server"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-3.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::workstation",
            "cpe:/o:redhat:enterprise_linux:7::client",
            "cpe:/o:redhat:enterprise_linux:7::server"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-signed",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-1.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-4.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.2::baseos",
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.2::baseos",
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.2::baseos",
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-unsigned-x64",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-4.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/o:redhat:rhel_eus:9.0::baseos",
            "cpe:/a:redhat:rhel_eus:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-3.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/o:redhat:rhel_eus:9.0::baseos",
            "cpe:/a:redhat:rhel_eus:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-unsigned-aarch64",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/o:redhat:rhel_eus:9.0::baseos",
            "cpe:/a:redhat:rhel_eus:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-unsigned-x64",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-3.el9_2",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2024-01-23T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system\u0027s boot phase."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-24T14:19:30.770Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:1834",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1834"
        },
        {
          "name": "RHSA-2024:1835",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1835"
        },
        {
          "name": "RHSA-2024:1873",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1873"
        },
        {
          "name": "RHSA-2024:1876",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1876"
        },
        {
          "name": "RHSA-2024:1883",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1883"
        },
        {
          "name": "RHSA-2024:1902",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1902"
        },
        {
          "name": "RHSA-2024:1903",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1903"
        },
        {
          "name": "RHSA-2024:1959",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1959"
        },
        {
          "name": "RHSA-2024:2086",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2086"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-40551"
        },
        {
          "name": "RHBZ#2259918",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259918"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-07-26T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-01-23T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Shim: out of bounds read when parsing mz binaries",
      "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-40551",
    "datePublished": "2024-01-29T16:46:43.579Z",
    "dateReserved": "2023-08-15T20:04:15.616Z",
    "dateUpdated": "2024-11-24T14:19:30.770Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3677
Vulnerability from cvelistv5
Published
2014-10-22 14:00
Modified
2024-08-06 10:50
Severity ?
Summary
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.
References
http://www.openwall.com/lists/oss-security/2014/10/13/4mailing-list, x_refsource_MLIST
https://exchange.xforce.ibmcloud.com/vulnerabilities/96989vdb-entry, x_refsource_XF
http://rhn.redhat.com/errata/RHSA-2014-1801.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/70410vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:17.949Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20141013 shim RCE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/10/13/4"
          },
          {
            "name": "shim-cve20143677-code-exec(96989)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96989"
          },
          {
            "name": "RHSA-2014:1801",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1801.html"
          },
          {
            "name": "70410",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70410"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20141013 shim RCE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/10/13/4"
        },
        {
          "name": "shim-cve20143677-code-exec(96989)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96989"
        },
        {
          "name": "RHSA-2014:1801",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1801.html"
        },
        {
          "name": "70410",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70410"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3677",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20141013 shim RCE",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/10/13/4"
            },
            {
              "name": "shim-cve20143677-code-exec(96989)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96989"
            },
            {
              "name": "RHSA-2014:1801",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1801.html"
            },
            {
              "name": "70410",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70410"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3677",
    "datePublished": "2014-10-22T14:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:17.949Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3676
Vulnerability from cvelistv5
Published
2014-10-22 14:00
Modified
2024-08-06 10:50
Severity ?
Summary
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."
References
http://www.openwall.com/lists/oss-security/2014/10/13/4mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/70409vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2014-1801.htmlvendor-advisory, x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/96988vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:18.314Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20141013 shim RCE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/10/13/4"
          },
          {
            "name": "70409",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70409"
          },
          {
            "name": "RHSA-2014:1801",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1801.html"
          },
          {
            "name": "shim-cve20143676-bo(96988)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96988"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the \"tftp:// DHCPv6 boot option.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20141013 shim RCE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/10/13/4"
        },
        {
          "name": "70409",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70409"
        },
        {
          "name": "RHSA-2014:1801",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1801.html"
        },
        {
          "name": "shim-cve20143676-bo(96988)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96988"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3676",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the \"tftp:// DHCPv6 boot option.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20141013 shim RCE",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/10/13/4"
            },
            {
              "name": "70409",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70409"
            },
            {
              "name": "RHSA-2014:1801",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1801.html"
            },
            {
              "name": "shim-cve20143676-bo(96988)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96988"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3676",
    "datePublished": "2014-10-22T14:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:18.314Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-28737
Vulnerability from cvelistv5
Published
2023-07-20 00:26
Modified
2024-10-22 13:17
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.
References
https://www.openwall.com/lists/oss-security/2022/06/07/5mailing-list
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28737issue-tracking
Impacted products
Vendor Product Version
Red Hat Bootloader Team shim Version: 0   
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:03:52.700Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28737"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "shim",
            "vendor": "redhat",
            "versions": [
              {
                "lessThan": "15.6",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-28737",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:15:51.434701Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:17:50.789Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "packageName": "shim",
          "platforms": [
            "Linux"
          ],
          "product": "shim",
          "repo": "https://github.com/rhboot/shim/",
          "vendor": "Red Hat Bootloader Team",
          "versions": [
            {
              "lessThan": "15.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Chris Coulson"
        }
      ],
      "datePublic": "2022-06-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "There\u0027s a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-20T15:38:14.142Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "mailing-list"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28737"
        }
      ],
      "title": "There\u0027s a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2022-28737",
    "datePublished": "2023-07-20T00:26:15.627Z",
    "dateReserved": "2022-04-05T21:59:08.761Z",
    "dateUpdated": "2024-10-22T13:17:50.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-40549
Vulnerability from cvelistv5
Published
2024-01-29 16:29
Modified
2024-11-24 14:19
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.
References
https://access.redhat.com/errata/RHSA-2024:1834vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1835vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1873vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1876vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1883vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1902vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1903vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1959vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2086vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-40549vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2241797issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 7 Unaffected: 0:15.8-3.el7   < *
    cpe:/o:redhat:enterprise_linux:7::server
    cpe:/o:redhat:enterprise_linux:7::workstation
    cpe:/o:redhat:enterprise_linux:7::client
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 7 Unaffected: 0:15.8-1.el7   < *
    cpe:/o:redhat:enterprise_linux:7::server
    cpe:/o:redhat:enterprise_linux:7::workstation
    cpe:/o:redhat:enterprise_linux:7::client
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:15.8-4.el8_9   < *
    cpe:/o:redhat:enterprise_linux:8::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:15.8-2.el8_2   < *
    cpe:/o:redhat:rhel_aus:8.2::baseos
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service Unaffected: 0:15.8-2.el8_2   < *
    cpe:/o:redhat:rhel_aus:8.2::baseos
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Unaffected: 0:15.8-2.el8_2   < *
    cpe:/o:redhat:rhel_aus:8.2::baseos
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:15.8-2.el8_4   < *
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_e4s:8.4::baseos
    cpe:/o:redhat:rhel_aus:8.4::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:15.8-2.el8_4   < *
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_e4s:8.4::baseos
    cpe:/o:redhat:rhel_aus:8.4::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:15.8-2.el8_4   < *
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_e4s:8.4::baseos
    cpe:/o:redhat:rhel_aus:8.4::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:15.8-2.el8_6   < *
    cpe:/o:redhat:rhel_eus:8.6::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:15.8-2.el8   < *
    cpe:/a:redhat:rhel_eus:8.8::crb
    cpe:/o:redhat:rhel_eus:8.8::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:15.8-2.el8   < *
    cpe:/a:redhat:rhel_eus:8.8::crb
    cpe:/o:redhat:rhel_eus:8.8::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:15.8-4.el9_3   < *
    cpe:/o:redhat:enterprise_linux:9::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:15.8-3.el9   < *
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/o:redhat:rhel_eus:9.0::baseos
    cpe:/a:redhat:rhel_eus:9.0::appstream
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:15.8-2.el9   < *
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/o:redhat:rhel_eus:9.0::baseos
    cpe:/a:redhat:rhel_eus:9.0::appstream
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:15.8-2.el9   < *
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/o:redhat:rhel_eus:9.0::baseos
    cpe:/a:redhat:rhel_eus:9.0::appstream
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:15.8-3.el9_2   < *
    cpe:/o:redhat:rhel_eus:9.2::baseos
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:38:50.333Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:1834",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1834"
          },
          {
            "name": "RHSA-2024:1835",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1835"
          },
          {
            "name": "RHSA-2024:1873",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1873"
          },
          {
            "name": "RHSA-2024:1876",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1876"
          },
          {
            "name": "RHSA-2024:1883",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1883"
          },
          {
            "name": "RHSA-2024:1902",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1902"
          },
          {
            "name": "RHSA-2024:1903",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1903"
          },
          {
            "name": "RHSA-2024:1959",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1959"
          },
          {
            "name": "RHSA-2024:2086",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2086"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-40549"
          },
          {
            "name": "RHBZ#2241797",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241797"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-40549",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-11T19:17:30.752609Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:53:09.919Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::server",
            "cpe:/o:redhat:enterprise_linux:7::workstation",
            "cpe:/o:redhat:enterprise_linux:7::client"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-3.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::server",
            "cpe:/o:redhat:enterprise_linux:7::workstation",
            "cpe:/o:redhat:enterprise_linux:7::client"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-signed",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-1.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-4.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.2::baseos",
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.2::baseos",
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.2::baseos",
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::crb",
            "cpe:/o:redhat:rhel_eus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::crb",
            "cpe:/o:redhat:rhel_eus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-unsigned-x64",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-4.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/o:redhat:rhel_eus:9.0::baseos",
            "cpe:/a:redhat:rhel_eus:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-3.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/o:redhat:rhel_eus:9.0::baseos",
            "cpe:/a:redhat:rhel_eus:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-unsigned-aarch64",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/o:redhat:rhel_eus:9.0::baseos",
            "cpe:/a:redhat:rhel_eus:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-unsigned-x64",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-3.el9_2",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2024-01-23T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-24T14:19:11.402Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:1834",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1834"
        },
        {
          "name": "RHSA-2024:1835",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1835"
        },
        {
          "name": "RHSA-2024:1873",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1873"
        },
        {
          "name": "RHSA-2024:1876",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1876"
        },
        {
          "name": "RHSA-2024:1883",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1883"
        },
        {
          "name": "RHSA-2024:1902",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1902"
        },
        {
          "name": "RHSA-2024:1903",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1903"
        },
        {
          "name": "RHSA-2024:1959",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1959"
        },
        {
          "name": "RHSA-2024:2086",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2086"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-40549"
        },
        {
          "name": "RHBZ#2241797",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241797"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-10-02T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-01-23T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Shim: out-of-bounds read in verify_buffer_authenticode() malformed pe file",
      "workarounds": [
        {
          "lang": "en",
          "value": "There\u0027s no available mitigation for this issue."
        }
      ],
      "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-40549",
    "datePublished": "2024-01-29T16:29:26.170Z",
    "dateReserved": "2023-08-15T20:04:15.615Z",
    "dateUpdated": "2024-11-24T14:19:11.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3675
Vulnerability from cvelistv5
Published
2014-10-22 14:00
Modified
2024-08-06 10:50
Severity ?
Summary
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
References
http://www.openwall.com/lists/oss-security/2014/10/13/4mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/70407vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2014-1801.htmlvendor-advisory, x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/96981vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:18.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20141013 shim RCE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/10/13/4"
          },
          {
            "name": "70407",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70407"
          },
          {
            "name": "RHSA-2014:1801",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1801.html"
          },
          {
            "name": "shim-cve20143675-dos(96981)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96981"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20141013 shim RCE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/10/13/4"
        },
        {
          "name": "70407",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70407"
        },
        {
          "name": "RHSA-2014:1801",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1801.html"
        },
        {
          "name": "shim-cve20143675-dos(96981)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96981"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3675",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20141013 shim RCE",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/10/13/4"
            },
            {
              "name": "70407",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70407"
            },
            {
              "name": "RHSA-2014:1801",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1801.html"
            },
            {
              "name": "shim-cve20143675-dos(96981)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96981"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3675",
    "datePublished": "2014-10-22T14:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:18.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-40548
Vulnerability from cvelistv5
Published
2024-01-29 14:53
Modified
2024-11-24 14:19
Severity ?
7.4 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.
References
https://access.redhat.com/errata/RHSA-2024:1834vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1835vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1873vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1876vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1883vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1902vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1903vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1959vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2086vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-40548vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2241782issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 7 Unaffected: 0:15.8-3.el7   < *
    cpe:/o:redhat:enterprise_linux:7::client
    cpe:/o:redhat:enterprise_linux:7::server
    cpe:/o:redhat:enterprise_linux:7::workstation
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 7 Unaffected: 0:15.8-1.el7   < *
    cpe:/o:redhat:enterprise_linux:7::client
    cpe:/o:redhat:enterprise_linux:7::server
    cpe:/o:redhat:enterprise_linux:7::workstation
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:15.8-4.el8_9   < *
    cpe:/o:redhat:enterprise_linux:8::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:15.8-2.el8_2   < *
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
    cpe:/o:redhat:rhel_aus:8.2::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service Unaffected: 0:15.8-2.el8_2   < *
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
    cpe:/o:redhat:rhel_aus:8.2::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Unaffected: 0:15.8-2.el8_2   < *
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
    cpe:/o:redhat:rhel_aus:8.2::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:15.8-2.el8_4   < *
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_aus:8.4::baseos
    cpe:/o:redhat:rhel_e4s:8.4::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:15.8-2.el8_4   < *
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_aus:8.4::baseos
    cpe:/o:redhat:rhel_e4s:8.4::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:15.8-2.el8_4   < *
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_aus:8.4::baseos
    cpe:/o:redhat:rhel_e4s:8.4::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:15.8-2.el8_6   < *
    cpe:/o:redhat:rhel_eus:8.6::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:15.8-2.el8   < *
    cpe:/a:redhat:rhel_eus:8.8::crb
    cpe:/o:redhat:rhel_eus:8.8::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:15.8-2.el8   < *
    cpe:/a:redhat:rhel_eus:8.8::crb
    cpe:/o:redhat:rhel_eus:8.8::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:15.8-4.el9_3   < *
    cpe:/o:redhat:enterprise_linux:9::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:15.8-3.el9   < *
    cpe:/a:redhat:rhel_eus:9.0::appstream
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/o:redhat:rhel_eus:9.0::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:15.8-2.el9   < *
    cpe:/a:redhat:rhel_eus:9.0::appstream
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/o:redhat:rhel_eus:9.0::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:15.8-2.el9   < *
    cpe:/a:redhat:rhel_eus:9.0::appstream
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/o:redhat:rhel_eus:9.0::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:15.8-3.el9_2   < *
    cpe:/o:redhat:rhel_eus:9.2::baseos
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:38:50.361Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:1834",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1834"
          },
          {
            "name": "RHSA-2024:1835",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1835"
          },
          {
            "name": "RHSA-2024:1873",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1873"
          },
          {
            "name": "RHSA-2024:1876",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1876"
          },
          {
            "name": "RHSA-2024:1883",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1883"
          },
          {
            "name": "RHSA-2024:1902",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1902"
          },
          {
            "name": "RHSA-2024:1903",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1903"
          },
          {
            "name": "RHSA-2024:1959",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1959"
          },
          {
            "name": "RHSA-2024:2086",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2086"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-40548"
          },
          {
            "name": "RHBZ#2241782",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241782"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::client",
            "cpe:/o:redhat:enterprise_linux:7::server",
            "cpe:/o:redhat:enterprise_linux:7::workstation"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-3.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::client",
            "cpe:/o:redhat:enterprise_linux:7::server",
            "cpe:/o:redhat:enterprise_linux:7::workstation"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-signed",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-1.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-4.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_e4s:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::crb",
            "cpe:/o:redhat:rhel_eus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::crb",
            "cpe:/o:redhat:rhel_eus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-unsigned-x64",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-4.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::appstream",
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/o:redhat:rhel_eus:9.0::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-3.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::appstream",
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/o:redhat:rhel_eus:9.0::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-unsigned-aarch64",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::appstream",
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/o:redhat:rhel_eus:9.0::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-unsigned-x64",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-3.el9_2",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2023-10-03T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-24T14:19:01.409Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:1834",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1834"
        },
        {
          "name": "RHSA-2024:1835",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1835"
        },
        {
          "name": "RHSA-2024:1873",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1873"
        },
        {
          "name": "RHSA-2024:1876",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1876"
        },
        {
          "name": "RHSA-2024:1883",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1883"
        },
        {
          "name": "RHSA-2024:1902",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1902"
        },
        {
          "name": "RHSA-2024:1903",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1903"
        },
        {
          "name": "RHSA-2024:1959",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1959"
        },
        {
          "name": "RHSA-2024:2086",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2086"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-40548"
        },
        {
          "name": "RHBZ#2241782",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241782"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-10-02T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-10-03T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Shim: interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems",
      "workarounds": [
        {
          "lang": "en",
          "value": "There\u0027s no available mitigation for this issue."
        }
      ],
      "x_redhatCweChain": "(CWE-190|CWE-787): Integer Overflow or Wraparound or Out-of-bounds Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-40548",
    "datePublished": "2024-01-29T14:53:44.319Z",
    "dateReserved": "2023-08-15T20:04:15.615Z",
    "dateUpdated": "2024-11-24T14:19:01.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-40550
Vulnerability from cvelistv5
Published
2024-01-29 16:29
Modified
2024-11-24 14:19
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.
References
https://access.redhat.com/errata/RHSA-2024:1834vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1835vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1873vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1876vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1883vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1902vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1903vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1959vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2086vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-40550vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2259915issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 7 Unaffected: 0:15.8-3.el7   < *
    cpe:/o:redhat:enterprise_linux:7::server
    cpe:/o:redhat:enterprise_linux:7::workstation
    cpe:/o:redhat:enterprise_linux:7::client
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 7 Unaffected: 0:15.8-1.el7   < *
    cpe:/o:redhat:enterprise_linux:7::server
    cpe:/o:redhat:enterprise_linux:7::workstation
    cpe:/o:redhat:enterprise_linux:7::client
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:15.8-4.el8_9   < *
    cpe:/o:redhat:enterprise_linux:8::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:15.8-2.el8_2   < *
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
    cpe:/o:redhat:rhel_aus:8.2::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service Unaffected: 0:15.8-2.el8_2   < *
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
    cpe:/o:redhat:rhel_aus:8.2::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Unaffected: 0:15.8-2.el8_2   < *
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
    cpe:/o:redhat:rhel_aus:8.2::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:15.8-2.el8_4   < *
    cpe:/o:redhat:rhel_e4s:8.4::baseos
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_aus:8.4::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:15.8-2.el8_4   < *
    cpe:/o:redhat:rhel_e4s:8.4::baseos
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_aus:8.4::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:15.8-2.el8_4   < *
    cpe:/o:redhat:rhel_e4s:8.4::baseos
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_aus:8.4::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:15.8-2.el8_6   < *
    cpe:/o:redhat:rhel_eus:8.6::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:15.8-2.el8   < *
    cpe:/a:redhat:rhel_eus:8.8::crb
    cpe:/o:redhat:rhel_eus:8.8::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:15.8-2.el8   < *
    cpe:/a:redhat:rhel_eus:8.8::crb
    cpe:/o:redhat:rhel_eus:8.8::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:15.8-4.el9_3   < *
    cpe:/o:redhat:enterprise_linux:9::baseos
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:15.8-3.el9   < *
    cpe:/o:redhat:rhel_eus:9.0::baseos
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/a:redhat:rhel_eus:9.0::appstream
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:15.8-2.el9   < *
    cpe:/o:redhat:rhel_eus:9.0::baseos
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/a:redhat:rhel_eus:9.0::appstream
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:15.8-2.el9   < *
    cpe:/o:redhat:rhel_eus:9.0::baseos
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/a:redhat:rhel_eus:9.0::appstream
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:15.8-3.el9_2   < *
    cpe:/o:redhat:rhel_eus:9.2::baseos
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:38:50.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:1834",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1834"
          },
          {
            "name": "RHSA-2024:1835",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1835"
          },
          {
            "name": "RHSA-2024:1873",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1873"
          },
          {
            "name": "RHSA-2024:1876",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1876"
          },
          {
            "name": "RHSA-2024:1883",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1883"
          },
          {
            "name": "RHSA-2024:1902",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1902"
          },
          {
            "name": "RHSA-2024:1903",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1903"
          },
          {
            "name": "RHSA-2024:1959",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1959"
          },
          {
            "name": "RHSA-2024:2086",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2086"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-40550"
          },
          {
            "name": "RHBZ#2259915",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259915"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::server",
            "cpe:/o:redhat:enterprise_linux:7::workstation",
            "cpe:/o:redhat:enterprise_linux:7::client"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-3.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::server",
            "cpe:/o:redhat:enterprise_linux:7::workstation",
            "cpe:/o:redhat:enterprise_linux:7::client"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-signed",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-1.el7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-4.el8_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::crb",
            "cpe:/o:redhat:rhel_eus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::crb",
            "cpe:/o:redhat:rhel_eus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-unsigned-x64",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-4.el9_3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.0::baseos",
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/a:redhat:rhel_eus:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-3.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.0::baseos",
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/a:redhat:rhel_eus:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-unsigned-aarch64",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.0::baseos",
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/a:redhat:rhel_eus:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "shim-unsigned-x64",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-2.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "shim",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:15.8-3.el9_2",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2024-01-23T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system\u0027s boot phase."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-24T14:19:14.562Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:1834",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1834"
        },
        {
          "name": "RHSA-2024:1835",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1835"
        },
        {
          "name": "RHSA-2024:1873",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1873"
        },
        {
          "name": "RHSA-2024:1876",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1876"
        },
        {
          "name": "RHSA-2024:1883",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1883"
        },
        {
          "name": "RHSA-2024:1902",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1902"
        },
        {
          "name": "RHSA-2024:1903",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1903"
        },
        {
          "name": "RHSA-2024:1959",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1959"
        },
        {
          "name": "RHSA-2024:2086",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2086"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-40550"
        },
        {
          "name": "RHBZ#2259915",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259915"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-01-23T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-01-23T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Shim: out-of-bound read in verify_buffer_sbat()",
      "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-40550",
    "datePublished": "2024-01-29T16:29:23.050Z",
    "dateReserved": "2023-08-15T20:04:15.615Z",
    "dateUpdated": "2024-11-24T14:19:14.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2024-01-29 17:15
Modified
2024-11-21 08:19
Severity ?
5.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
5.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
Summary
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1834
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1835
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1873
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1876
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1883
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1902
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1903
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1959
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2086
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2023-40551Vendor Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2259918Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1834
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1835
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1873
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1876
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1883
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1902
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1903
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1959
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2086
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/CVE-2023-40551Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2259918Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html
Impacted products
Vendor Product Version
redhat shim *
fedoraproject fedora 39
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01639865-3664-4034-BCFB-F4E09AF37F28",
              "versionEndExcluding": "15.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system\u0027s boot phase."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en el formato binario MZ en Shim. Es posible que se produzca una lectura fuera de los l\u00edmites, lo que provocar\u00e1 un bloqueo o una posible exposici\u00f3n de datos confidenciales durante la fase de inicio del sistema."
    }
  ],
  "id": "CVE-2023-40551",
  "lastModified": "2024-11-21T08:19:42.337",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 4.2,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-29T17:15:08.970",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1834"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1835"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1873"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1876"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1883"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1902"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1903"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1959"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:2086"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-40551"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1876"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:2086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-40551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-01-29 17:15
Modified
2024-11-21 08:19
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1834
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1835
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1873
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1876
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1883
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1902
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1903
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1959
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2086
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2023-40546Vendor Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2241796Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1834
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1835
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1873
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1876
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1883
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1902
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1903
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1959
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2086
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/CVE-2023-40546Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2241796Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html
Impacted products
Vendor Product Version
redhat shim *
fedoraproject fedora 39
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01639865-3664-4034-BCFB-F4E09AF37F28",
              "versionEndExcluding": "15.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn\u0027t match the format string used by it, leading to a crash under certain circumstances."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en Shim cuando ocurri\u00f3 un error al crear una nueva variable ESL. Si Shim no puede crear la nueva variable, intenta imprimir un mensaje de error para el usuario; sin embargo, la cantidad de par\u00e1metros utilizados por la funci\u00f3n de registro no coincide con la cadena de formato utilizada, lo que provoca un bloqueo en determinadas circunstancias."
    }
  ],
  "id": "CVE-2023-40546",
  "lastModified": "2024-11-21T08:19:41.450",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-29T17:15:08.347",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1834"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1835"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1873"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1876"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1883"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1902"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1903"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1959"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:2086"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-40546"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1876"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:2086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-40546"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-10-22 14:55
Modified
2024-11-21 02:08
Severity ?
Summary
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."
References
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-1801.htmlBroken Link
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2014/10/13/4Exploit, Mailing List
secalert@redhat.comhttp://www.securityfocus.com/bid/70409Third Party Advisory, VDB Entry
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/96988Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-1801.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/10/13/4Exploit, Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/70409Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/96988Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
redhat shim *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "108DCECE-C8B8-43E8-858F-80DC51631CE8",
              "versionEndExcluding": "0.8",
              "versionStartIncluding": "0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the \"tftp:// DHCPv6 boot option.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer basado en la memoria din\u00e1mica en Shim permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una direcci\u00f3n IPv6 manipulada, relacionado con la opci\u00f3n de arranque \u0027tftp:// DHCPv6.\u0027"
    }
  ],
  "id": "CVE-2014-3676",
  "lastModified": "2024-11-21T02:08:37.927",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-22T14:55:06.153",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1801.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/10/13/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70409"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/10/13/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96988"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-07-20 01:15
Modified
2024-11-21 06:57
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.
References
security@ubuntu.comhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28737Third Party Advisory
security@ubuntu.comhttps://www.openwall.com/lists/oss-security/2022/06/07/5Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28737Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2022/06/07/5Mailing List, Third Party Advisory
Impacted products
Vendor Product Version
redhat shim *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A305DFD-CD50-408F-843E-0234EE1D25DA",
              "versionEndExcluding": "15.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There\u0027s a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario."
    }
  ],
  "id": "CVE-2022-28737",
  "lastModified": "2024-11-21T06:57:50.197",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.6,
        "impactScore": 5.9,
        "source": "security@ubuntu.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-20T01:15:10.473",
  "references": [
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28737"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-01-29 17:15
Modified
2024-11-21 08:19
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1834
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1835
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1873
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1876
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1883
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1902
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1903
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1959
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2086
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2023-40550Vendor Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2259915Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1834
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1835
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1873
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1876
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1883
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1902
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1903
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1959
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2086
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/CVE-2023-40550Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2259915Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html
Impacted products
Vendor Product Version
redhat shim *
fedoraproject fedora 39
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01639865-3664-4034-BCFB-F4E09AF37F28",
              "versionEndExcluding": "15.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system\u0027s boot phase."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo de lectura fuera de los l\u00edmites en Shim cuando intent\u00f3 validar la informaci\u00f3n SBAT. Este problema puede exponer datos confidenciales durante la fase de inicio del sistema."
    }
  ],
  "id": "CVE-2023-40550",
  "lastModified": "2024-11-21T08:19:42.160",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-29T17:15:08.773",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1834"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1835"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1873"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1876"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1883"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1902"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1903"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1959"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:2086"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-40550"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1876"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:2086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-40550"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-01-25 16:15
Modified
2024-11-21 08:19
Severity ?
8.3 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
8.3 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1834
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1835
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1873
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1876
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1883
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1902
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1903
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1959
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2086
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2023-40547Vendor Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2234589Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2024/01/26/1
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1834
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1835
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1873
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1876
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1883
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1902
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1903
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1959
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2086
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/CVE-2023-40547Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2234589Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html
Impacted products
Vendor Product Version
redhat shim *
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01639865-3664-4034-BCFB-F4E09AF37F28",
              "versionEndExcluding": "15.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Shim. El soporte de arranque Shim conf\u00eda en los valores controlados por el atacante al analizar una respuesta HTTP. Este fallo permite a un atacante manipular una solicitud HTTP maliciosa espec\u00edfica, lo que lleva a una escritura fuera de los l\u00edmites completamente controlada primitiva y a un compromiso completo del sistema."
    }
  ],
  "id": "CVE-2023-40547",
  "lastModified": "2024-11-21T08:19:41.650",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-25T16:15:07.717",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1834"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1835"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1873"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1876"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1883"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1902"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1903"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1959"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:2086"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-40547"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234589"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2024/01/26/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1876"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:2086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-40547"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234589"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-346"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-01-29 15:15
Modified
2024-11-21 08:19
Severity ?
7.4 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.4 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1834
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1835
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1873
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1876
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1883
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1902
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1903
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1959
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2086
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2023-40548Vendor Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2241782Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1834
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1835
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1873
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1876
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1883
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1902
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1903
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1959
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2086
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/CVE-2023-40548Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2241782Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html
Impacted products
Vendor Product Version
redhat shim *
redhat shim 15.8
fedoraproject fedora 39


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01639865-3664-4034-BCFB-F4E09AF37F28",
              "versionEndExcluding": "15.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:shim:15.8:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BF11AEF9-B742-46DC-94D2-6160B93767BD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un desbordamiento de b\u00fafer en Shim en el sistema de 32 bits. El desbordamiento ocurre debido a una operaci\u00f3n de suma que involucra un valor controlado por el usuario analizado del binario PE que utiliza Shim. Este valor se utiliza adem\u00e1s para operaciones de asignaci\u00f3n de memoria, lo que provoca un desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria. Esta falla causa da\u00f1os en la memoria y puede provocar fallas o problemas de integridad de los datos durante la fase de inicio."
    }
  ],
  "id": "CVE-2023-40548",
  "lastModified": "2024-11-21T08:19:41.833",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-01-29T15:15:08.893",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1834"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1835"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1873"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1876"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1883"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1902"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1903"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1959"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:2086"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-40548"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1876"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:2086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-40548"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-01-29 17:15
Modified
2024-11-21 08:19
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1834
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1835
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1873
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1876
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1883
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1902
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1903
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1959
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2086
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2023-40549Vendor Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2241797Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1834
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1835
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1873
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1876
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1883
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1902
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1903
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1959
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2086
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/CVE-2023-40549Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2241797Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html
Impacted products
Vendor Product Version
redhat shim *
fedoraproject fedora 39
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01639865-3664-4034-BCFB-F4E09AF37F28",
              "versionEndExcluding": "15.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo de lectura fuera de los l\u00edmites en Shim debido a la falta de una verificaci\u00f3n de l\u00edmites adecuada durante la carga de un binario PE. Esta falla permite a un atacante cargar un binario PE manipulado, lo que desencadena el problema y bloquea Shim, lo que resulta en una denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2023-40549",
  "lastModified": "2024-11-21T08:19:42.003",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-29T17:15:08.580",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1834"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1835"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1873"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1876"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1883"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1902"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1903"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1959"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:2086"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-40549"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1876"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:2086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-40549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-10-22 14:55
Modified
2024-11-21 02:08
Severity ?
Summary
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.
References
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-1801.htmlBroken Link
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2014/10/13/4Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/70410Third Party Advisory, VDB Entry
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/96989Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-1801.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/10/13/4Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/70410Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/96989Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
redhat shim *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "108DCECE-C8B8-43E8-858F-80DC51631CE8",
              "versionEndExcluding": "0.8",
              "versionStartIncluding": "0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Shim podr\u00eda permitir a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de una lista MOK manipulada, lo que provoca la corrupci\u00f3n de la memoria."
    }
  ],
  "id": "CVE-2014-3677",
  "lastModified": "2024-11-21T02:08:38.037",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-22T14:55:06.183",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1801.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/10/13/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70410"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96989"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/10/13/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96989"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-10-22 14:55
Modified
2024-11-21 02:08
Severity ?
Summary
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
References
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-1801.htmlBroken Link
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2014/10/13/4Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/70407Third Party Advisory, VDB Entry
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/96981Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-1801.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/10/13/4Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/70407Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/96981Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
redhat shim *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "108DCECE-C8B8-43E8-858F-80DC51631CE8",
              "versionEndExcluding": "0.8",
              "versionStartIncluding": "0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet."
    },
    {
      "lang": "es",
      "value": "Shim permite a atacantes remotos causar una denegaci\u00f3n de servicio (lectura fuera de rango) a trav\u00e9s de un paquete DHCPv6 manipulado."
    }
  ],
  "id": "CVE-2014-3675",
  "lastModified": "2024-11-21T02:08:37.807",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-22T14:55:06.107",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1801.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/10/13/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70407"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2014/10/13/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96981"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}