Out-of-Bounds Read in EDK II Network Package
CVE-2023-45229

6.5 MEDIUM

Key Information:

Vendor

Tianocore

Status
Vendor
CVE Published:
16 January 2024

What is CVE-2023-45229?

EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. An attacker can exploit this vulnerability to gain unauthorized access, potentially leading to a loss of confidentiality.
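The class of check that prevents this kind of over-read, as an added example: this is not EDK II code and does not reproduce the actual flaw. The function name `find_ia_option` and the sample bytes are constructed for illustration; the option codes and fixed-field sizes follow RFC 8415.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define OPT_IA_NA 3 /* option codes from RFC 8415 */
#define OPT_IA_TA 4

/* Constructed samples: options area only (bytes after msg-type + transaction-id). */
static const uint8_t sample_ok[] = {
    0x00, 0x01, 0x00, 0x02, 0xaa, 0xbb,             /* Client ID, len 2 */
    0x00, 0x03, 0x00, 0x10, 0, 0, 0, 1,             /* IA_NA, len 16, IAID */
    0, 0, 0, 0, 0, 0, 0, 0, 0x00, 0x0d, 0x00, 0x00  /* T1, T2, one sub-option */
};
static const uint8_t sample_short[] = { 0x00, 0x03, 0x00, 0x04, 0, 0, 0, 1 };
static const uint8_t sample_long[]  = { 0x00, 0x03, 0x00, 0x40, 0, 0, 0, 1 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 and the sub-options region of the first IA option of type `want`,
 * 1 if no such option is present, -1 if the options area is malformed. */
int find_ia_option(const uint8_t *opts, size_t len, uint16_t want,
                   const uint8_t **sub, size_t *sub_len)
{
    /* Fixed fields before sub-options: IA_NA = IAID+T1+T2, IA_TA = IAID. */
    size_t fixed = (want == OPT_IA_NA) ? 12 : 4;
    size_t off = 0;
    if (want != OPT_IA_NA && want != OPT_IA_TA) return -1;
    while (len - off >= 4) {               /* a full option header remains */
        uint16_t code = rd16(opts + off);
        uint16_t olen = rd16(opts + off + 2);
        off += 4;
        if (olen > len - off) return -1;   /* declared length runs past the buffer */
        if (code == want) {
            if (olen < fixed) return -1;   /* too short to hold the fixed fields */
            *sub = opts + off + fixed;
            *sub_len = olen - fixed;
            return 0;
        }
        off += olen;
    }
    return (off == len) ? 1 : -1;          /* leftover bytes: truncated header */
}

int main(void)
{
    const uint8_t *sub; size_t n;
    printf("ok=%d\n", find_ia_option(sample_ok, sizeof sample_ok, OPT_IA_NA, &sub, &n));
    printf("short=%d\n", find_ia_option(sample_short, sizeof sample_short, OPT_IA_NA, &sub, &n));
    printf("long=%d\n", find_ia_option(sample_long, sizeof sample_long, OPT_IA_NA, &sub, &n));
    return 0;
}
```

Both rejections happen before any field of the option body is read: one for a declared length larger than the remaining buffer, one for a declared length smaller than the option's fixed fields.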

Affected Version(s)

edk2 edk2-stable202308

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Quarkslab Vulnerability Reports Team
Doug Flick