VYPR

Shim

by Shim Project

Source repositories

CVEs (5)

  • CVE-2023-40549Jan 29, 2024
    risk 0.00cvss epss 0.00

    An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.

  • CVE-2023-40548Jan 29, 2024
    risk 0.00cvss epss 0.00

    A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer…

  • CVE-2023-40547Jan 25, 2024
    risk 0.00cvss epss 0.05

    A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write…

  • CVE-2022-28737Jul 20, 2023
    risk 0.00cvss epss 0.00

    There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into…

  • CVE-2014-8399Oct 31, 2014
    risk 0.00cvss epss 0.00

    The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecified vectors.