CVE-2023-45232

CVSS V2 None CVSS V3 None

Description

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

Overview

CVE ID
CVE-2023-45232

Assigner
TianoCore

Vulnerability Status
PUBLISHED

Published Version
2024-01-16T16:12:32.584Z

Last Modified Date
2024-01-16T16:12:32.584Z

Weakness Enumerations

CWE	URL
CWE-835	http://cwe.mitre.org/data/definitions/835.html

References

Reference URL	Reference Tags
https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h	vendor-advisory
http://www.openwall.com/lists/oss-security/2024/01/16/2
http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
https://security.netapp.com/advisory/ntap-20240307-0011/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-45232
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45232

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 10:14:01				Added to TrackCVE