github - ghsa-86pm-fpxw-jjjc

ghsa-86pm-fpxw-jjjc

Vulnerability from github

Published

2024-01-29 18:31

Modified

2024-06-10 18:30

Severity

6.2 (Medium) - CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-40549"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-29T17:15:08Z",
    "severity": "MODERATE"
  },
  "details": "An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.",
  "id": "GHSA-86pm-fpxw-jjjc",
  "modified": "2024-06-10T18:30:52Z",
  "published": "2024-01-29T18:31:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40549"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1834"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1835"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1873"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1876"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1883"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1902"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1903"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1959"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2086"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-40549"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241797"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-40549

Vulnerability from cvelistv5

Published

2024-01-29 16:29

Modified

2024-09-16 18:23

Severity

6.2 (Medium) - cvssV3_1 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Shim: out-of-bounds read in verify_buffer_authenticode() malformed pe file

References

URL	Tags
https://access.redhat.com/errata/RHSA-2024:1834	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1835	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1873	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1876	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1883	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1902	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1903	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1959	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2086	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-40549	vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2241797	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor	Product
Red Hat	Red Hat Enterprise Linux 7
Red Hat	Red Hat Enterprise Linux 7
Red Hat	Red Hat Enterprise Linux 8
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat	Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Red Hat	Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support
Red Hat	Red Hat Enterprise Linux 9
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support

Show details on NVD website