11 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux – Vulnerability in edk2

EDK2’s Network Package is vulnerable to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of availability...

7.5 CVSS, 7 AI score, 0.00383 EPSS
Exploits 1, References 2

RedHat Linux
added 2024/10/15 12:38 a.m., 1 view

edk2: Infinite loop when parsing a PadN option in the Destination Options header

The Network Package in EDK2 is vulnerable to an infinite loop exploit when parsing a PadN option within the Destination Options header of IPv6. This flaw allows an unauthorized attacker to gain access and potentially result in a loss of system availability...

7.5 CVSS, 7.3 AI score, 0.00383 EPSS
Exploits 1, References 6

OSV
added 2024/03/22 11:7 a.m., 2 views

OESA-2024-1319 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful...

8.8 CVSS, 7.3 AI score, 0.00383 EPSS
Exploits 1, References 6

OSV
added 2024/03/22 11:7 a.m., 2 views

OESA-2024-1317 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful...

8.8 CVSS, 7.3 AI score, 0.00383 EPSS
Exploits 1, References 6

OSV
added 2024/03/22 11:7 a.m., 3 views

OESA-2024-1314 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful...

8.8 CVSS, 7.3 AI score, 0.00383 EPSS
Exploits 1, References 6

SUSE CVE
added 2024/01/18 2:47 a.m., 3 views

SUSE CVE-2023-45233

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability...

7.5 CVSS, 6.8 AI score, 0.00383 EPSS
Exploits 1, References 8

OSV
added 2024/01/16 4:15 p.m., 3 views

AZL-39538 CVE-2023-45233 affecting package edk2 for versions less than 20230301gitf80f052277c8-40

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability...

7.5 CVSS, 6.7 AI score, 0.00383 EPSS
Exploits 1, References 1

Prion
added 2024/01/16 4:15 p.m., 22 views

Design/Logic Flaw

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability...

5 CVSS, 7.1 AI score, 0.00383 EPSS
Exploits 1, References 5, Affected Software 1

CVE
added 2024/01/16 4:13 p.m., 511 views

CVE-2023-45233

EDK2 Network Package contains an infinite loop vulnerability when parsing the PadN option in the Destination Options header of IPv6 (CVE-2023-45233). The issue is documented in multiple advisories across distributions (e.g., Debian DSA-5624-1 and various ALMA/CBLMariner entries) as fixed in newer...

7.5 CVSS, 8.1 AI score, 0.00383 EPSS
Exploits 1, References 7, Affected Software 1

CNNVD
added 2024/01/16 12:0 a.m., 2 views

EDK2 Security Vulnerability

EDK2 is a cross-platform firmware development environment from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2, which stems from the Network Package's susceptibility to an infinite loop vulnerability when parsing the PadN option in the IPv6...

7.5 CVSS, 7.2 AI score, 0.00383 EPSS
Exploits 1, References 7

Positive Technologies
added 2023/08/03 12:0 a.m., 4 views

PT-2023-8396 · Edk2 +11

Name of the Vulnerable Software and Affected Versions: EDK2 affected versions not specified
Description: The issue is related to an infinite loop vulnerability in EDK2's Network Package when parsing a PadN option in the Destination Options header of IPv6. This can be exploited by an attacker to...

9.8 CVSS, 7.3 AI score, 0.00751 EPSS
Exploits 3, References 198