Lucene search

K

[email protected]NVD:CVE-2023-40549

HistoryJan 29, 2024 - 5:15 p.m.

CVE-2023-40549

2024-01-2917:15:08

CWE-125

[email protected]

web.nvd.nist.gov

cve-2023-40549

boundary verification

denial of service

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.

Affected configurations

NVD

Node

redhatshimRange<15.8

Node

fedoraprojectfedoraMatch39

OR

redhatenterprise_linuxMatch8.0

OR

redhatenterprise_linuxMatch9.0

References

access.redhat.com/errata/RHSA-2024:1834

access.redhat.com/errata/RHSA-2024:1835

access.redhat.com/errata/RHSA-2024:1873

access.redhat.com/errata/RHSA-2024:1876

access.redhat.com/errata/RHSA-2024:1883

access.redhat.com/errata/RHSA-2024:1902

access.redhat.com/errata/RHSA-2024:1903

access.redhat.com/errata/RHSA-2024:1959

access.redhat.com/errata/RHSA-2024:2086

access.redhat.com/security/cve/CVE-2023-40549

bugzilla.redhat.com/show_bug.cgi?id=2241797

lists.debian.org/debian-lts-announce/2024/05/msg00009.html

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for NVD:CVE-2023-40549

cve1 osv4 ubuntucve1 debiancve1 redhatcve1 prion1 cvelist1 openvas14 nessus23 fedora3 redhat9 debian1 oraclelinux3 redos1 almalinux2 thn1 ibm1