ID CVE-2014-3676
Summary Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:shim:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:shim:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:shim:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:shim:0.7:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 07-04-2021 - 13:40)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2014:1801
rpms
  • mokutil-0:0.7-8.el7_0
  • shim-0:0.7-8.el7_0
  • shim-debuginfo-0:0.7-8.el7_0
  • shim-unsigned-0:0.7-8.el7_0
refmap via4
bid 70409
mlist [oss-security] 20141013 shim RCE
xf shim-cve20143676-bo(96988)
Last major update 07-04-2021 - 13:40
Published 22-10-2014 - 14:55
Last modified 07-04-2021 - 13:40