19 matches found
Astra Linux - vulnerability in edk2
EDK2’s Network Package is vulnerable to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of availability...
SUSE SLES12 Security Update : ovmf (SUSE-SU-2026:0196-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0196-1 advisory. - CVE-2023-45231: Fixed out of bounds read when handling a ND Redirect message with truncated options bsc1218881. - CVE-2023-45232: Fixed...
CLSA-2025-1763716672 edk2: Fix of 7 CVEs
CVE-2023-45229: fix IPv6 malformed option handling to prevent parsing loop - CVE-2023-45230: fix DHCPv6 ServerID length validation to prevent buffer overflow - CVE-2023-45231: fix IPv6 Redirect bounds checks to avoid out-of-bounds access - CVE-2023-45232: fix IPv6 destination option parsing to...
EUVD-2023-49539
Malicious code in bioql PyPI...
edk2: Infinite loop when parsing a PadN option in the Destination Options header
The Network Package in EDK2 is vulnerable to an infinite loop exploit when parsing a PadN option within the Destination Options header of IPv6. This flaw allows an unauthorized attacker to gain access and potentially result in a loss of system availability...
edk2: Infinite loop when parsing a PadN option in the Destination Options header
The Network Package in EDK2 is vulnerable to an infinite loop exploit when parsing a PadN option within the Destination Options header of IPv6. This flaw allows an unauthorized attacker to gain access and potentially result in a loss of system availability...
OESA-2024-1319 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful...
OESA-2024-1314 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful...
OESA-2024-1317 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful...
SUSE CVE-2023-45233
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability...
AZL-38842 CVE-2023-45233 affecting package edk2 for versions less than 20240223gitedc6681206c1-1
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability...
AZL-39355 CVE-2023-45233 affecting package hvloader for versions less than 1.0.1-9
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability...
AZL-39538 CVE-2023-45233 affecting package edk2 for versions less than 20230301gitf80f052277c8-40
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability...
DEBIAN-CVE-2023-45233
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability...
Design/Logic Flaw
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability...
UBUNTU-CVE-2023-45233
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability...
CVE-2023-45233
EDK2 Network Package contains an infinite loop vulnerability when parsing the PadN option in the Destination Options header of IPv6 (CVE-2023-45233). The issue is documented in multiple advisories across distributions (e.g., Debian DSA-5624-1 and various ALMA/CBLMariner entries) as fixed in newer...
EDK2 Security Vulnerability
EDK2 is a cross-platform firmware development environment from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2, which stems from the Network Package's susceptibility to an infinite loop vulnerability when parsing the PadN option in the IPv6...
PT-2023-8396 · Edk2 +11
Name of the Vulnerable Software and Affected Versions: EDK2 (affected versions not specified). Description: The issue is related to an infinite loop vulnerability in EDK2's Network Package when parsing a PadN option in the Destination Options header of IPv6. This can be exploited by an attacker to...