Vulnerability CVE-2023-40546: Information

Description

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Published: Jan. 29, 2024
Modified: April 29, 2024
Error type identifier: CWE-476

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
shimsisyphus15.8-alt115.8-alt2ALT-PU-2024-1671-2339548Fixed
shimp1015.8-alt115.8-alt1ALT-PU-2024-1877-3339915Fixed
shimc10f115.8-alt115.8-alt1ALT-PU-2024-4050-2342790Fixed
shimc9f215.8-alt115.8-alt1ALT-PU-2024-1869-3339892Fixed

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*
      End excliding
      15.8

      Configuration 2

      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*