CVSS: 5.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40551 – Shim: out of bounds read when parsing mz binaries
https://notcve.org/view.php?id=CVE-2023-40551
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase. Se encontró un fallo en el formato binario MZ en Shim. Es posible que se produzca una lectura fuera de los límites, lo que provocará un bloqueo o una posible exposición de datos confidenciales durante la fase de inicio del sistema. • https://access.redhat.com/errata/RHSA-2024:1834 https://access.redhat.com/errata/RHSA-2024:1835 https://access.redhat.com/errata/RHSA-2024:1873 https://access.redhat.com/errata/RHSA-2024:1876 https://access.redhat.com/errata/RHSA-2024:1883 https://access.redhat.com/errata/RHSA-2024:1902 https://access.redhat.com/errata/RHSA-2024:1903 https://access.redhat.com/errata/RHSA-2024:1959 https://access.redhat.com/errata/RHSA-2024:2086 https://access.redhat.com/security/cve&# • CWE-125: Out-of-bounds Read •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40546 – Shim: out-of-bounds read printing error messages
https://notcve.org/view.php?id=CVE-2023-40546
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances. Se encontró un fallo en Shim cuando ocurrió un error al crear una nueva variable ESL. Si Shim no puede crear la nueva variable, intenta imprimir un mensaje de error para el usuario; sin embargo, la cantidad de parámetros utilizados por la función de registro no coincide con la cadena de formato utilizada, lo que provoca un bloqueo en determinadas circunstancias. • https://access.redhat.com/errata/RHSA-2024:1834 https://access.redhat.com/errata/RHSA-2024:1835 https://access.redhat.com/errata/RHSA-2024:1873 https://access.redhat.com/errata/RHSA-2024:1876 https://access.redhat.com/errata/RHSA-2024:1883 https://access.redhat.com/errata/RHSA-2024:1902 https://access.redhat.com/errata/RHSA-2024:1903 https://access.redhat.com/errata/RHSA-2024:1959 https://access.redhat.com/errata/RHSA-2024:2086 https://access.redhat.com/security/cve&# • CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40549 – Shim: out-of-bounds read in verify_buffer_authenticode() malformed pe file
https://notcve.org/view.php?id=CVE-2023-40549
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service. Se encontró un fallo de lectura fuera de los límites en Shim debido a la falta de una verificación de límites adecuada durante la carga de un binario PE. Esta falla permite a un atacante cargar un binario PE manipulado, lo que desencadena el problema y bloquea Shim, lo que resulta en una denegación de servicio. • https://access.redhat.com/errata/RHSA-2024:1834 https://access.redhat.com/errata/RHSA-2024:1835 https://access.redhat.com/errata/RHSA-2024:1873 https://access.redhat.com/errata/RHSA-2024:1876 https://access.redhat.com/errata/RHSA-2024:1883 https://access.redhat.com/errata/RHSA-2024:1902 https://access.redhat.com/errata/RHSA-2024:1903 https://access.redhat.com/errata/RHSA-2024:1959 https://access.redhat.com/errata/RHSA-2024:2086 https://access.redhat.com/security/cve&# • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40550 – Shim: out-of-bound read in verify_buffer_sbat()
https://notcve.org/view.php?id=CVE-2023-40550
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase. Se encontró un fallo de lectura fuera de los límites en Shim cuando intentó validar la información SBAT. Este problema puede exponer datos confidenciales durante la fase de inicio del sistema. • https://access.redhat.com/errata/RHSA-2024:1834 https://access.redhat.com/errata/RHSA-2024:1835 https://access.redhat.com/errata/RHSA-2024:1873 https://access.redhat.com/errata/RHSA-2024:1876 https://access.redhat.com/errata/RHSA-2024:1883 https://access.redhat.com/errata/RHSA-2024:1902 https://access.redhat.com/errata/RHSA-2024:1903 https://access.redhat.com/errata/RHSA-2024:1959 https://access.redhat.com/errata/RHSA-2024:2086 https://access.redhat.com/security/cve&# • CWE-125: Out-of-bounds Read •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40548 – Shim: interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems
https://notcve.org/view.php?id=CVE-2023-40548
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase. Se encontró un desbordamiento de búfer en Shim en el sistema de 32 bits. • https://access.redhat.com/errata/RHSA-2024:1834 https://access.redhat.com/errata/RHSA-2024:1835 https://access.redhat.com/errata/RHSA-2024:1873 https://access.redhat.com/errata/RHSA-2024:1876 https://access.redhat.com/errata/RHSA-2024:1883 https://access.redhat.com/errata/RHSA-2024:1902 https://access.redhat.com/errata/RHSA-2024:1903 https://access.redhat.com/errata/RHSA-2024:1959 https://access.redhat.com/errata/RHSA-2024:2086 https://access.redhat.com/security/cve&# • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •