CVE-2023-40549

CVSS v3.1

6.2

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Shim (affected versions not specified)

Description The issue is related to an out-of-bounds read flaw in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2024:1902

ALSA-2024:1903

ALT-PU-2024-1671

ALT-PU-2024-1869

ALT-PU-2024-1877

ALT-PU-2024-4050

AZL-34095

AZL-34158

AZL-35256

AZL-35264

AZL-35273

BDU:2024-02897

CESA-2024_1902

CVE-2023-40549

DLA-3813-1

OESA-2024-1117

OESA-2024-1118

OESA-2024-1119

OESA-2024-1120

OPENSUSE-SU-2024_1368-1

RHSA-2024:1834

RHSA-2024:1835

RHSA-2024:1873

RHSA-2024:1876

RHSA-2024:1883

RHSA-2024:1902

RHSA-2024:1903

RHSA-2024:1959

RHSA-2024:2086

RHSA-2024_1902

RHSA-2024_1903

RHSA-2024_1959

SUSE-SU-2024:1368-1

SUSE-SU-2024:1461-1

SUSE-SU-2024:1462-1

SUSE-SU-2025:20136-1

Affected Products

Alt Linux

Almalinux

Centos

Red Hat

Red Os

Shim

Suse

CVE-2023-40549

Weakness Enumeration

Related Identifiers

Affected Products

References · 98