Fluid Attacks Database

Description

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	shim	>=0 <15.8-1	15.8-1
debian 11	shim	=15.4-7 \|\| =15.6-1 \|\| =15.6-1~deb10u1 \|\| =15.6-1~deb11u1 \|\| =15.7-1 \|\| =15.7-1~deb10u1 \|\| =15.7-1~deb11u1 \|\| =15.8-1~deb10u1 \|\| >=0 <15.8-1~deb11u1	15.8-1~deb11u1
debian 12	shim	=15.7-1 \|\| =15.8-1~deb10u1 \|\| =15.8-1~deb11u1 \|\| >=0 <15.8-1~deb12u1	15.8-1~deb12u1
debian 13	shim	>=0 <15.8-1	15.8-1
rpm rhel9.2	shim	<0:15.8-3.el9_2	0:15.8-3.el9_2
rpm rhel8.8	shim	<0:15.8-2.el8	0:15.8-2.el8
rpm rhel9	shim	<0:15.8-4.el9_3	0:15.8-4.el9_3
rpm rhel9.0	shim-unsigned-x64	<0:15.8-2.el9	0:15.8-2.el9
rpm rhel9.0	shim	<0:15.8-3.el9	0:15.8-3.el9
rpm rhel7	shim	<0:15.8-3.el7	0:15.8-3.el7

1-10 of 15

Aliases

1. CVE-2023-405492. NVD-2023-405493. OSV-DEBIAN-2023-405494. OSV-2023-405495. SECURITY-TRACKER-CVE-2023-40549

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.