CVE-2023-40549
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Jan 29, 2024
Updated: Jun 10, 2024
CWE ID 125
Summary
CVE-2023-40549 is a newly discovered cybersecurity vulnerability affecting Shim, a component used in Microsoft Windows operating systems. This issue is caused by an out-of-bounds read flaw, which occurs due to the lack of proper boundary verification during the load of a PE (Portable Executable) binary. An attacker can take advantage of this vulnerability by providing a crafted PE binary, leading to the triggering of the issue and causing Shim to crash. The end result is a denial of service, preventing legitimate users from accessing the affected system.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Red Hat Enterprise Linux
- Fedora Operating System
Affected Vendors
- Red Hat
- Fedora Project