CVE-2023-40549

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jan 29, 2024
Updated: Jun 10, 2024
CWE ID 125

Summary

CVE-2023-40549 is a newly discovered cybersecurity vulnerability affecting Shim, a component used in Microsoft Windows operating systems. This issue is caused by an out-of-bounds read flaw, which occurs due to the lack of proper boundary verification during the load of a PE (Portable Executable) binary. An attacker can take advantage of this vulnerability by providing a crafted PE binary, leading to the triggering of the issue and causing Shim to crash. The end result is a denial of service, preventing legitimate users from accessing the affected system.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Red Hat Enterprise Linux
  • Fedora Operating System

Affected Vendors

  • Red Hat
  • Fedora Project