Описание
EDK2's Network Package is susceptible to an out-of-bounds read
vulnerability when processing Neighbor Discovery Redirect message. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Confidentiality.
A security loophole involving an out-of-bounds read was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker within the vicinity of the network to transmit a specifically crafted Neighbor Discovery Redirect message. Consequently, this may lead to the unauthorized reading of memory beyond the message boundaries, potentially resulting in the exposure of sensitive information.
Отчет
The out-of-bounds read vulnerability in EDK2 represents a moderate security concern. This flaw, found in the open-source implementation of the UEFI specification, allows an attacker within the local network to exploit the issue by sending a carefully crafted Neighbor Discovery Redirect message. While requiring proximity for exploitation, the vulnerability could lead to unauthorized memory access and potential leakage of sensitive information.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
EDK2's Network Package is susceptible to an out-of-bounds read vulner ...
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
EPSS
6.5 Medium
CVSS3