A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2024-01-25T15:54:23.102Z
Updated: 2024-05-08T08:21:56.201Z
Reserved: 2023-08-15T20:04:15.615Z
Link: CVE-2023-40547
JSON object: View
NVD Information
Status : Modified
Published: 2024-01-25T16:15:07.717
Modified: 2024-06-10T18:15:22.260
Link: CVE-2023-40547
JSON object: View
Redhat Information
No data.