255 matches found

RedHat Linux
added 2024/04/16 1:45 p.m. · 5 views

shim: Integer overflow leads to heap buffer overflow in verify_sbat_section on 32-bit systems

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This fl...

7.4 CVSS · 7 AI score · 0.00432 EPSS
Exploits 0 · References 4
RedHat Linux
added 2024/04/16 1:45 p.m. · 0 views

shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

6.2 CVSS · 6.5 AI score · 0.00409 EPSS
Exploits 0 · References 4
RedHat Linux
added 2024/04/16 1:38 p.m. · 2 views

shim: Integer overflow leads to heap buffer overflow in verify_sbat_section on 32-bit systems

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This fl...

7.4 CVSS · 7 AI score · 0.00432 EPSS
Exploits 0 · References 4
RedHat Linux
added 2024/04/16 1:38 p.m. · 1 views

shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

6.2 CVSS · 6.5 AI score · 0.00409 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2024/04/15 12:0 a.m. · 2 views

A vulnerability in the UEFI bootloader shim, related to an out-of-bounds read, allows an attacker to cause a system failure.

The vulnerability of the UEFI loader “shim” is related to errors in reading beyond the boundary, due to the lack of proper boundary checking during the loading of the binary PE file. Exploiting this vulnerability can allow an attacker to cause a system failure...

5.5 CVSS · 6.9 AI score · 0.00409 EPSS
Exploits 0 · References 7 · Affected Software 4
BDU FSTEC
added 2024/04/15 12:0 a.m. · 2 views

A vulnerability in the UEFI bootloader shim, related to integer overflow or wraparound, allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of the UEFI loader Shim is related to buffer overflows in 32-bit systems due to a multiplication operation that involves a user-controllable value analyzed from the binary file PE used by Shim. Exploiting this vulnerability can allow an attacker to compromise the confidentiality...

7.4 CVSS · 7.2 AI score · 0.00432 EPSS
Exploits 0 · References 7 · Affected Software 4
Positive Technologies
added 2024/04/02 12:0 a.m. · 12 views

PT-2024-21455 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the x86/efistub in the Linux kernel, where the .compat section, a dummy PE section containing the address of the 32-bit entrypoint of the 64-bit kernel image, i...

9.8 CVSS · 6.4 AI score · 0.02386 EPSS
Exploits 7 · References 903
OSV
added 2024/02/02 11:6 a.m. · 3 views

OESA-2024-1117 shim security update

Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker...

8.3 CVSS · 8.6 AI score · 0.04892 EPSS
Exploits 0 · References 6
OSV
added 2024/01/29 5:15 p.m. · 6 views

AZL-35273 CVE-2023-40549 affecting package shim-unsigned-x64 for versions less than 15.8-3

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

5.5 CVSS · 6.9 AI score · 0.00409 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/01/23 12:0 a.m. · 3 views

PT-2024-2763 · Shim +6 · Shim +6

Name of the Vulnerable Software and Affected Versions: Shim (affected versions not specified). Description: The issue is related to an out-of-bounds read flaw in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE...

8.3 CVSS · 6.5 AI score · 0.04892 EPSS
Exploits 2 · References 124
OSV
added 2024/01/23 12:0 a.m. · 0 views

UBUNTU-CVE-2023-40548

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This fl...

7.4 CVSS · 7.2 AI score · 0.00432 EPSS
Exploits 0 · References 2
The Hacker News
added 2023/12/11 5:58 a.m. · 25 views

New PoolParty Process Injection Techniques Outsmart Top EDR Solutions

A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems. SafeBreach researcher Alon Leviev said the methods are "capable of working across all...

8.5 AI score
Exploits 0
OSV
added 2023/11/16 3:15 a.m. · 1 views

CVE-2023-47263

Certain WithSecure products allow a Denial of Service (DoS) in the antivirus engine when scanning a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure...

7.5 CVSS · 5.5 AI score · 0.00701 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2023/11/14 12:0 a.m. · 2 views

The vulnerability of the `dump_relocs_in_section` function in the `objdump.c` component of the GNU Binutils development environment allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the `dump_relocs_in_section` function in the `objdump.c` component of the GNU Binutils development environment is related to integer overflow. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

10 CVSS · 6.9 AI score · 0.01885 EPSS
Exploits 1 · References 7 · Affected Software 2
BDU FSTEC
added 2023/11/14 12:0 a.m. · 4 views

The vulnerability of the bfd_getl32 function in the libbfd.c component of the GNU Binutils development environment allows an attacker to cause a service failure.

The vulnerability of the bfd_getl32 function in the libbfd.c component of the GNU Binutils development environment involves reading data beyond the acceptable buffer size. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a specially created PE file...

7.8 CVSS · 6.7 AI score · 0.01347 EPSS
Exploits 1 · References 9 · Affected Software 4
OSV
added 2023/10/09 7:35 p.m. · 3 views

CLSA-2023-1696880132 binutils: Fix of CVE-2020-19726

CVE-2020-19726: Fix parsing a corrupt PE format file...

8.8 CVSS · 6.1 AI score · 0.00664 EPSS
Exploits 1 · References 1
OSV
added 2023/10/09 7:20 p.m. · 4 views

CLSA-2023-1696879225 binutils: Fix of CVE-2020-19726

CVE-2020-19726: Fix parsing a corrupt PE format file...

8.8 CVSS · 6.1 AI score · 0.00664 EPSS
Exploits 1 · References 1
OSV
added 2023/10/03 4:51 p.m. · 4 views

CLSA-2023-1696351864 Fix CVE(s): CVE-2020-19726, CVE-2020-19724, CVE-2020-21490, CVE-2020-35342

SECURITY UPDATE: uninitialized-heap vulnerability in function tic4xprintcond in file opcodes/tic4x-dis.c - debian/patches/CVE-2020-35342.patch: Init all of condtable - CVE-2020-35342 SECURITY UPDATE: a memory consumption issue in getdata function in binutils/nm.c -...

8.8 CVSS · 6.4 AI score · 0.00664 EPSS
Exploits 4 · References 1
OSV
added 2023/09/22 5:15 a.m. · 3 views

CVE-2023-43760

Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure...

7.5 CVSS · 5.5 AI score · 0.00531 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2023/09/18 7:15 a.m. · 4 views

CVE-2023-42523

Certain WithSecure products allow a remote crash of a scanning engine via unpacking of a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security fo...

7.5 CVSS · 7.1 AI score · 0.00515 EPSS
Exploits 0 · References 2