CPE-DF80F6C2-2435-4B01-B7CA-064898FC50FA Detail

CPE Details

Red Hat Shim 1.0.6

Vendor

redhat

Product

shim

Version

1.0.6

Created

2019-07-01
15h31 +00:00

Modified

2019-07-01
15h31 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:redhat:shim:1.0.6:::::::*

Informations

Vendor

redhat

Product

shim

Version

1.0.6

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2023-40551	2024-01-29 16h46 +00:00	A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.	5.1	Medium
CVE-2023-40546	2024-01-29 16h29 +00:00	A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.	6.2	Medium
CVE-2023-40549	2024-01-29 16h29 +00:00	An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.	6.2	Medium
CVE-2023-40550	2024-01-29 16h29 +00:00	An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.	5.5	Medium
CVE-2023-40548	2024-01-29 14h53 +00:00	A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.	7.4	High
CVE-2023-40547	2024-01-25 15h54 +00:00	A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.	8.3	High
CVE-2022-28737	2023-07-20 00h26 +00:00	There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.	7.8	High

Red Hat Shim 1.0.6

CPE Details

CPE Name: cpe:2.3:a:redhat:shim:1.0.6:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:redhat:shim:1.0.6:::::::*