CVE-2023-40548

{"id": "CVE-2023-40548", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.4}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 1.4}]}, "published": "2024-01-29T15:15:08.893", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1834", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1835", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1873", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1876", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1883", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1902", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1903", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1959", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:2086", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-40548", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241782", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase."}, {"lang": "es", "value": "Se encontr\u00f3 un desbordamiento de b\u00fafer en Shim en el sistema de 32 bits. El desbordamiento ocurre debido a una operaci\u00f3n de suma que involucra un valor controlado por el usuario analizado del binario PE que utiliza Shim. Este valor se utiliza adem\u00e1s para operaciones de asignaci\u00f3n de memoria, lo que provoca un desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria. Esta falla causa da\u00f1os en la memoria y puede provocar fallas o problemas de integridad de los datos durante la fase de inicio."}], "lastModified": "2024-06-10T18:15:22.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01639865-3664-4034-BCFB-F4E09AF37F28", "versionEndExcluding": "15.8"}, {"criteria": "cpe:2.3:a:redhat:shim:15.8:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF11AEF9-B742-46DC-94D2-6160B93767BD"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}