Lucene search

K

[email protected]NVD:CVE-2023-45232

HistoryJan 16, 2024 - 4:15 p.m.

CVE-2023-45232

2024-01-1616:15:12

CWE-835

[email protected]

web.nvd.nist.gov

edk2

network package

infinite loop

vulnerability

ipv6

unauthorized access

availability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%

EDK2’s Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Availability.

Affected configurations

NVD

Node

tianocoreedk2Range≤202311

References

packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

www.openwall.com/lists/oss-security/2024/01/16/2

github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

lists.fedoraproject.org/archives/list/[email protected]/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

security.netapp.com/advisory/ntap-20240307-0011/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%

Related for NVD:CVE-2023-45232

alpinelinux1 redhatcve1 prion1 cve1 cvelist1 cbl_mariner2 debiancve1 ubuntucve2 almalinux2 nessus17 redhat2 amazon1 openvas4 osv13 oraclelinux7 thn1 rocky1 ubuntu1 cert1 debian1 fedora1 redos1