Fluid Attacks Database

Description

A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	shim	=15.4-7 \|\| =15.6-1 \|\| =15.6-1~deb10u1 \|\| =15.6-1~deb11u1 \|\| =15.7-1 \|\| =15.7-1~deb10u1 \|\| =15.7-1~deb11u1 \|\| =15.8-1~deb10u1 \|\| >=0 <15.8-1~deb11u1	15.8-1~deb11u1
debian 12	shim	=15.7-1 \|\| =15.8-1~deb10u1 \|\| =15.8-1~deb11u1 \|\| >=0 <15.8-1~deb12u1	15.8-1~deb12u1
debian 13	shim	>=0 <15.8-1	15.8-1
debian 14	shim	>=0 <15.8-1	15.8-1
rpm rhel9	shim	<0:15.8-4.el9_3	0:15.8-4.el9_3
rpm rhel8.8	shim	<0:15.8-2.el8	0:15.8-2.el8
rpm rhel9.0	shim-unsigned-aarch64	<0:15.8-2.el9	0:15.8-2.el9
rpm rhel8.6	shim	<0:15.8-2.el8_6	0:15.8-2.el8_6
rpm rhel8	shim	<0:15.8-4.el8_9	0:15.8-4.el8_9
rpm rhel7	shim	<0:15.8-3.el7	0:15.8-3.el7

1-10 of 15

Aliases

1. CVE-2023-405512. NVD-2023-405513. OSV-DEBIAN-2023-405514. OSV-2023-405515. SECURITY-TRACKER-CVE-2023-40551

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.