CVE-2023-40547

CVSS V2 None CVSS V3 None
Description
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase; an attacker needs to perform a Man-in-the-Middle attack or compromise the boot server to exploit this vulnerability successfully.
Overview
  • CVE ID: CVE-2023-40547
  • Assigner: redhat
  • Vulnerability Status: PUBLISHED
  • Published Version: 2024-01-25T15:54:23.102Z
  • Last Modified Date: 2024-05-08T08:21:56.201Z
References
History
  • Created: 2024-06-25 01:58:29
  • Notes: Added to TrackCVE