Lucene search

K

RedhatVULNRICHMENT:CVE-2023-40549

HistoryJan 29, 2024 - 4:29 p.m.

CVE-2023-40549 Shim: out-of-bounds read in verify_buffer_authenticode() malformed pe file

2024-01-2916:29:26

CWE-125

redhat

github.com

1

cve-2023-40549

shim

out-of-bounds read

verify_buffer_authenticode

malformed pe file

denial of service

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.

References

access.redhat.com/errata/RHSA-2024:1834

access.redhat.com/errata/RHSA-2024:1835

access.redhat.com/errata/RHSA-2024:1873

access.redhat.com/errata/RHSA-2024:1876

access.redhat.com/errata/RHSA-2024:1883

access.redhat.com/errata/RHSA-2024:1902

access.redhat.com/errata/RHSA-2024:1903

access.redhat.com/errata/RHSA-2024:1959

access.redhat.com/errata/RHSA-2024:2086

access.redhat.com/security/cve/CVE-2023-40549

bugzilla.redhat.com/show_bug.cgi?id=2241797

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

Related for VULNRICHMENT:CVE-2023-40549

cve1 redhatcve1 nvd1 ubuntucve1 debiancve1 nessus26 osv4 prion1 cvelist1 cbl_mariner2 openvas14 fedora3 debian1 redhat9 oraclelinux3 almalinux2 redos1 thn1 ibm2 photon1