HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2023-45232

CVSS 7.5v3.1pub. 2024-01-16upd. 2025-11-04

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Tianocore Edk2

    APP
    Tianocore
    ≤ 202311
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2023-45234HIGH8.3ten sam produkt

EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option fr...

CVE-2023-45235HIGH8.3ten sam produkt

EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option ...

CVE-2023-45230HIGH8.3ten sam produkt

EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6...

CVE-2023-45233HIGH7.5ten sam produkt

EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Desti...

CVE-2022-36764HIGH7.0ten sam produkt

EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap...