VYPR

Shim

by Shim

CVEs (2)

  • CVE-2023-40547HigJan 25, 2024
    risk 0.54cvss 8.3epss 0.05

    A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write…

  • CVE-2023-40546MedJan 29, 2024
    risk 0.40cvss 6.2epss 0.00

    A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it,…