Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables
Vulnerability Description
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
shim 缓冲区错误漏洞
Vulnerability Description
shim是一个SciDB的简单HTTP服务。 shim 存在缓冲区错误漏洞,该漏洞源于加载特制的EFI图像时缓冲区溢出。
CVSS Information
N/A
Vulnerability Type
N/A