Lucene search

[email protected]CVE-2014-3677

HistoryOct 22, 2014 - 2:55 p.m.

CVE-2014-3677

2014-10-2214:55:06

[email protected]

web.nvd.nist.gov

cve-2014-3677

vulnerability

shim

arbitrary code execution

crafted mok list

memory corruption

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.4%

JSON

Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.

Affected configurations

NVD

Node

redhatshimRange0.3–0.8

CPENameOperatorVersion
redhat:shimredhat shimlt0.8

CPE	Name	Operator	Version
redhat:shim	redhat shim	lt	0.8

References

rhn.redhat.com/errata/RHSA-2014-1801.html

www.openwall.com/lists/oss-security/2014/10/13/4

www.securityfocus.com/bid/70410

exchange.xforce.ibmcloud.com/vulnerabilities/96989

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.4%

JSON

Related for CVE-2014-3677

nvd1 prion1 cvelist1 ubuntucve1 nessus8 openvas8 fedora7 oraclelinux1 redhat1 suse1