Lucene search

[email protected]NVD:CVE-2023-45230

HistoryJan 16, 2024 - 4:15 p.m.

CVE-2023-45230

2024-01-1616:15:11

CWE-119

[email protected]

web.nvd.nist.gov

cve-2023-45230

edk2

network package

buffer overflow

dhcpv6

unauthorized access

confidentiality

integrity

availability

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

20.1%

JSON

EDK2’s Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

Affected configurations

Nvd

Node

tianocoreedk2Range≤202311

VendorProductVersionCPE
tianocoreedk2*cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tianocore	edk2	*	cpe:2.3:a:tianocore:edk2::::::::

References

packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

www.openwall.com/lists/oss-security/2024/01/16/2

github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

lists.fedoraproject.org/archives/list/[email protected]/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

security.netapp.com/advisory/ntap-20240307-0011/

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

20.1%

JSON

Related for NVD:CVE-2023-45230

nessus32 redhat10 cve1 alpinelinux1 cvelist1 cbl_mariner3 prion1 ubuntucve1 redhatcve1 debiancve1 oraclelinux7 almalinux2 osv14 rocky1 amazon1 openvas6 thn1 ubuntu1 fedora1 debian1 cert1 redos1