CVE-2023-45232: Infinite Loop in Edk2

CWE-835: Infinite Loop (8 documents, 8 sources)
Severity: 7.5 HIGH (NVD)
EPSS: 0.5% (top 34.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 16 | Latest update Feb 15

Description

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Debian | tianocore/edk2 | < 2020.11-2+deb11u3 +3
NVD | tianocore/edk2 | 202311
CVEListV5 | tianocore/edk2 | edk2-stable202308

🔴 Vulnerability Details (3)

OSV | CVE-2023-45232: EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6 | 2024-01-16
CVEList | Infinite loop in EDK II Network Package | 2024-01-16
GHSA | GHSA-3r3p-444m-2g4p: EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6 | 2024-01-16

📋 Vendor Advisories (4)

Ubuntu | EDK II vulnerabilities | 2024-02-15
Red Hat | edk2: Infinite loop when parsing unknown options in the Destination Options header | 2024-01-16
Microsoft | Infinite loop in EDK II Network Package | 2024-01-09
Debian | CVE-2023-45232: edk2 - EDK2's Network Package is susceptible to an infinite loop vulnerability when par... | 2023