CVE-2023-40547

2024-01-2516:15:07

Debian Security Bug Tracker

security-tracker.debian.org

shim

remote code execution

out-of-bounds write

system compromise

http

vulnerability

exploitable

man-in-the-middle

unix

8.3 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.3%

JSON

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.

OSVersionArchitecturePackageVersionFilename
Debian12allshim<= 15.7-1shim_15.7-1_all.deb
Debian11allshim<= 15.7-1~deb11u1shim_15.7-1~deb11u1_all.deb
Debian10allshim< 15.8-1~deb10u1shim_15.8-1~deb10u1_all.deb
Debian999allshim< 15.8-1shim_15.8-1_all.deb
Debian13allshim<= 15.7-1shim_15.7-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	shim	<= 15.7-1	shim_15.7-1_all.deb
Debian	11	all	shim	<= 15.7-1~deb11u1	shim_15.7-1~deb11u1_all.deb
Debian	10	all	shim	< 15.8-1~deb10u1	shim_15.8-1~deb10u1_all.deb
Debian	999	all	shim	< 15.8-1	shim_15.8-1_all.deb
Debian	13	all	shim	<= 15.7-1	shim_15.7-1_all.deb