PT-2024-2761 · Shim+6

Marco Benatto · Published 2023-11-10 · Updated 2026-02-18 · CVE-2023-40546

CVSS v3.1: 6.2 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Shim (affected versions not specified)

Description

The issue is related to a flaw in Shim when creating a new ESL variable. If Shim fails to create the new variable, it attempts to print an error message, but the number of parameters used by the logging function does not match the format string, leading to a crash under certain circumstances. This can be exploited to cause a denial of service.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2024:1902
ALSA-2024:1903
ALT-PU-2024-1671
ALT-PU-2024-1869
ALT-PU-2024-1877
ALT-PU-2024-4050
AZL-33984
AZL-34157
AZL-35253
AZL-35261
AZL-35271
BDU:2024-02895
CESA-2024_1902
CVE-2023-40546
DLA-3813-1
OESA-2023-1800
OESA-2023-1801
OESA-2023-1838
OPENSUSE-SU-2024_1368-1
RHSA-2024:1834
RHSA-2024:1835
RHSA-2024:1873
RHSA-2024:1876
RHSA-2024:1883
RHSA-2024:1902
RHSA-2024:1903
RHSA-2024:1959
RHSA-2024:2086
RHSA-2024_1902
RHSA-2024_1903
RHSA-2024_1959
SUSE-SU-2024:1368-1
SUSE-SU-2024:1461-1
SUSE-SU-2024:1462-1
SUSE-SU-2025:20136-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Red Hat
RED OS
Shim
SUSE