Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-45232

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

Published

2024-01-16T16:15:12.090

Last Modified

2025-02-13T18:15:29.863

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-835
Type: Primary
CWE-835

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tianocore	edk2	≤ 202311	Yes

References

http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html Third Party Advisory, VDB Entry ([email protected])
http://www.openwall.com/lists/oss-security/2024/01/16/2 Mailing List ([email protected])
https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h Vendor Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/ ([email protected])
https://security.netapp.com/advisory/ntap-20240307-0011/ ([email protected])
http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/01/16/2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240307-0011/ (af854a3a-2127-422b-91ae-364da2661108)