Shim
CVE-2014-3675
MEDIUM
Severity by source
AV:N/AC:L/Au:N/C:N/I:N/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:N/I:N/A:P
Lifecycle Timeline
1DescriptionCVE.org
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
AnalysisAI
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet. Affected products include: Redhat Shim.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related
A remote code execution vulnerability was found in Shim. Rated high severity (CVSS 8.3), this vulnerability is no authen
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers
A buffer overflow was found in Shim in the 32-bit system. Rated high severity (CVSS 7.4), this vulnerability is no authe
The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a de
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today