CVE-2023-45232

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This
 vulnerability can be exploited by an attacker to gain unauthorized 
access and potentially lead to a loss of Availability.
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
TianoCoreCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
tianocoreedk2
𝑥
≤ 202311
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
edk2
bullseye (security)
vulnerable
bullseye
no-dsa
buster
no-dsa
bookworm
2022.11-6+deb12u1
fixed
bookworm (security)
2022.11-6+deb12u1
fixed
trixie
2024.11-2
fixed
sid
2024.11-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
edk2
oracular
not-affected
noble
not-affected
mantic
Fixed 2023.05-2ubuntu0.1
released
lunar
ignored
jammy
Fixed 2022.02-3ubuntu0.22.04.2
released
focal
Fixed 0~20191122.bd85bf54-2ubuntu3.5
released
bionic
needs-triage
xenial
needs-triage
trusty
ignored
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
http://www.openwall.com/lists/oss-security/2024/01/16/2
https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/
https://security.netapp.com/advisory/ntap-20240307-0011/
http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
http://www.openwall.com/lists/oss-security/2024/01/16/2
https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/
https://security.netapp.com/advisory/ntap-20240307-0011/