CVE - CVE-2023-45233

CVE-ID
CVE-2023-45233	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://security.netapp.com/advisory/ntap-20240307-0011/ FEDORA:FEDORA-2024-a9dead34c5 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/ MISC:http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html MISC:https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h URL:https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h MLIST:[oss-security] 20240116 CVE-2023-45229 and others: Multiple vulnerabilities in EDK II UEFI stack (PixieFAIL) URL:http://www.openwall.com/lists/oss-security/2024/01/16/2
Assigning CNA
TianoCore.org
Date Record Created
20231005	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20231005)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)