CVE-2014-3677 — Out-of-bounds Write in Redhat Shim

CWE-787 — Out-of-bounds Write7 documents6 sources

Severity

7.5HIGHNVD

EPSS

1.5%

top 19.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Shim

Timeline

PublishedOct 22

Latest updateMay 13

Description

Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDredhat/shim0.3 — 0.8

▶Ubunturedhat/shim< 0.8-0ubuntu2

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-mcwp-922h-789p: Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption↗2022-05-13

▶

OSV

CVE-2014-3677: Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption↗2014-10-22

▶

CVEList

CVE-2014-3677: Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption↗2014-10-22

▶

📋Vendor Advisories

Red Hat

shim: memory corruption flaw when processing Machine Owner Keys (MOKs)↗2014-10-13

▶

💬Community

Bugzilla

CVE-2014-3676 CVE-2014-3677 CVE-2014-3675 shim: various flaws [fedora-all]↗2014-10-14

▶

Bugzilla

CVE-2014-3677 shim: memory corruption flaw when processing Machine Owner Keys (MOKs)↗2014-10-01

▶