gsd-2023-40548
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.
Aliases
Aliases
{ GSD: { alias: "CVE-2023-40548", id: "GSD-2023-40548", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2023-40548", ], details: "A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.", id: "GSD-2023-40548", modified: "2023-12-13T01:20:43.595300Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2023-40548", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Red Hat Enterprise Linux 7", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el7", versionType: "rpm", }, ], }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-1.el7", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 8", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-4.el8_9", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 8.2 Advanced Update Support", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 8.8 Extended Update Support", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8", versionType: "rpm", }, ], }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 9", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-4.el9_3", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 9.0 Extended Update Support", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el9", versionType: "rpm", }, ], }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el9", versionType: "rpm", }, ], }, }, { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el9", versionType: "rpm", }, ], }, }, ], }, }, { product_name: "Red Hat Enterprise Linux 9.2 Extended Update Support", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "affected", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el9_2", versionType: "rpm", }, ], }, }, ], }, }, ], }, vendor_name: "Red Hat", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.", }, ], }, impact: { cvss: [ { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, ], }, problemtype: { problemtype_data: [ { description: [ { cweId: "CWE-787", lang: "eng", value: "Out-of-bounds Write", }, ], }, ], }, references: { reference_data: [ { name: "https://access.redhat.com/errata/RHSA-2024:1834", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:1834", }, { name: "https://access.redhat.com/errata/RHSA-2024:1835", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:1835", }, { name: "https://access.redhat.com/errata/RHSA-2024:1873", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:1873", }, { name: "https://access.redhat.com/errata/RHSA-2024:1876", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:1876", }, { name: "https://access.redhat.com/errata/RHSA-2024:1883", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:1883", }, { name: "https://access.redhat.com/errata/RHSA-2024:1902", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:1902", }, { name: "https://access.redhat.com/errata/RHSA-2024:1903", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:1903", }, { name: "https://access.redhat.com/errata/RHSA-2024:1959", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2024:1959", }, { name: "https://access.redhat.com/security/cve/CVE-2023-40548", refsource: "MISC", url: "https://access.redhat.com/security/cve/CVE-2023-40548", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=2241782", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241782", }, ], }, work_around: [ { lang: "en", value: "There's no available mitigation for this issue.", }, ], }, "nvd.nist.gov": { cve: { configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*", matchCriteriaId: "01639865-3664-4034-BCFB-F4E09AF37F28", versionEndExcluding: "15.8", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:shim:15.8:rc1:*:*:*:*:*:*", matchCriteriaId: "BF11AEF9-B742-46DC-94D2-6160B93767BD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.", }, { lang: "es", value: "Se encontró un desbordamiento de búfer en Shim en el sistema de 32 bits. El desbordamiento ocurre debido a una operación de suma que involucra un valor controlado por el usuario analizado del binario PE que utiliza Shim. Este valor se utiliza además para operaciones de asignación de memoria, lo que provoca un desbordamiento de búfer en la región Heap de la memoria. Esta falla causa daños en la memoria y puede provocar fallas o problemas de integridad de los datos durante la fase de inicio.", }, ], id: "CVE-2023-40548", lastModified: "2024-04-25T14:15:08.587", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.4, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, exploitabilityScore: 1.4, impactScore: 4.7, source: "secalert@redhat.com", type: "Secondary", }, ], }, published: "2024-01-29T15:15:08.893", references: [ { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:1834", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:1835", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:1873", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:1876", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:1883", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:1902", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:1903", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:1959", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-40548", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241782", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-190", }, { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }, }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.