Fluid Attacks Database

Description

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	shim	=15.4-7 \|\| =15.6-1 \|\| =15.6-1~deb10u1 \|\| =15.6-1~deb11u1 \|\| =15.7-1 \|\| =15.7-1~deb10u1 \|\| =15.7-1~deb11u1 \|\| =15.8-1~deb10u1 \|\| >=0 <15.8-1~deb11u1	15.8-1~deb11u1
debian 12	shim	=15.7-1 \|\| =15.8-1~deb10u1 \|\| =15.8-1~deb11u1 \|\| >=0 <15.8-1~deb12u1	15.8-1~deb12u1
debian 13	shim	>=0 <15.8-1	15.8-1
debian 14	shim	>=0 <15.8-1	15.8-1
rpm rhel8.8	shim-unsigned-x64	<0:15.8-2.el8	0:15.8-2.el8
rpm rhel7	shim	<0:15.8-3.el7	0:15.8-3.el7
rpm rhel8	shim	<0:15.8-4.el8_9	0:15.8-4.el8_9
rpm rhel8.6	shim	<0:15.8-2.el8_6	0:15.8-2.el8_6
rpm rhel8.8	shim	<0:15.8-2.el8	0:15.8-2.el8
rpm rhel9	shim	<0:15.8-4.el9_3	0:15.8-4.el9_3

1-10 of 15

Aliases

1. CVE-2023-405472. NVD-2023-405473. OSV-DEBIAN-2023-405474. OSV-2023-405475. SECURITY-TRACKER-CVE-2023-40547

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.