CVE-2023-45232

Опубликовано: 16 янв. 2024

Источник: redhat

CVSS3: 7.5

Описание

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

A security loophole involving an infinite loop was identified in EDK2, the open-source reference implementation of the UEFI specification. This weakness enables an unauthorized attacker to exploit system availability by sending a specifically crafted Destination Options IPv6 header.

Отчет

The identified flaw in the NetworkPkg IP stack within the EDK2, an open-source UEFI implementation, poses a moderate security concern as the vulnerability allows an unauthenticated attacker within the same local network to exploit via a specifically crafted Destination Options IPv6 header.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-835

https://bugzilla.redhat.com/show_bug.cgi?id=2258691edk2: Infinite loop when parsing unknown options in the Destination Options header

7.5 High

CVSS3

Связанные уязвимости

CVE-2023-45232

CVSS3: 7.5

ubuntu

больше 1 года назад

CVE-2023-45232

CVSS3: 7.5

nvd

больше 1 года назад

CVE-2023-45232

CVSS3: 7.5

msrc

около 1 года назад

Описание отсутствует

CVE-2023-45232

CVSS3: 7.5

debian

больше 1 года назад

EDK2's Network Package is susceptible to an infinite loop vulnerabilit ...

GHSA-3r3p-444m-2g4p

CVSS3: 7.5

github

больше 1 года назад

7.5 High

CVSS3