Metric | Value |
---|---|
CVSS3 | 7.5 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |
CVSS3 Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
AI Score | 7.4 High |
AI Score Confidence | Low |
EPSS | 0.006 Low |
EPSS Percentile | 78.4% |

EDK2’s Network Package is susceptible to an infinite loop vulnerability
when parsing unknown options in the Destination Options header of IPv6.
This vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Availability.
Author | Note |
---|---|
eslerm | shares fixes with CVE-2023-45233; “exposure is limited to PXE boot or HTTP boot”; patchset available in bug 4518, but not in repo (until Feb-24); fix and unit test commit id likely 7ec488242f6 and d925ff1f00e |
blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
launchpad.net/bugs/cve/CVE-2023-45232
nvd.nist.gov/vuln/detail/CVE-2023-45232
security-tracker.debian.org/tracker/CVE-2023-45232
ubuntu.com/security/notices/USN-6638-1
www.cve.org/CVERecord?id=CVE-2023-45232
www.openwall.com/lists/oss-security/2024/01/16/2