Fluid Attacks Database

Description

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	shim	=15.4-7 \|\| =15.6-1 \|\| =15.6-1~deb10u1 \|\| =15.6-1~deb11u1 \|\| =15.7-1 \|\| =15.7-1~deb10u1 \|\| =15.7-1~deb11u1 \|\| =15.8-1~deb10u1 \|\| >=0 <15.8-1~deb11u1	15.8-1~deb11u1
debian 12	shim	=15.7-1 \|\| =15.8-1~deb10u1 \|\| =15.8-1~deb11u1 \|\| >=0 <15.8-1~deb12u1	15.8-1~deb12u1
debian 13	shim	>=0 <15.8-1	15.8-1
debian 14	shim	>=0 <15.8-1	15.8-1
rpm rhel9.0	shim-unsigned-aarch64	<0:15.8-2.el9	0:15.8-2.el9
rpm rhel7	shim	<0:15.8-3.el7	0:15.8-3.el7
rpm rhel8	shim	<0:15.8-4.el8_9	0:15.8-4.el8_9
rpm rhel8.6	shim	<0:15.8-2.el8_6	0:15.8-2.el8_6
rpm rhel8.8	shim	<0:15.8-2.el8	0:15.8-2.el8
rpm rhel9	shim	<0:15.8-4.el9_3	0:15.8-4.el9_3

1-10 of 15

Aliases

1. CVE-2023-405482. NVD-2023-405483. OSV-DEBIAN-2023-405484. OSV-2023-405485. SECURITY-TRACKER-CVE-2023-40548

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.