CVE-2023-45231Out-of-bounds Read in Edk2

CWE-125Out-of-bounds Read9 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 67.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tianocore Edk2
Timeline
PublishedJan 16
Latest updateFeb 15

Description

EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

Debiantianocore/edk2< 2020.11-2+deb11u3+3
NVDtianocore/edk2202311
CVEListV5tianocore/edk2edk2-stable202308

🔴Vulnerability Details

4
OSV
edk2 vulnerabilities2024-02-15
CVEList
Out-of-Bounds Read in EDK II Network Package2024-01-16
OSV
CVE-2023-45231: EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message2024-01-16
GHSA
GHSA-pr27-mhpp-2ccr: EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message2024-01-16

📋Vendor Advisories

4
Ubuntu
EDK II vulnerabilities2024-02-15
Red Hat
edk2: Out of Bounds read when handling a ND Redirect message with truncated options2024-01-16
Microsoft
Out-of-Bounds Read in EDK II Network Package2024-01-09
Debian
CVE-2023-45231: edk2 - EDK2's Network Package is susceptible to an out-of-bounds read vulnerability wh...2023
CVE-2023-45231 — Out-of-bounds Read in Tianocore Edk2 | cvebase