ghsa-3r3p-444m-2g4p
Vulnerability from github
Published
2024-01-16 18:31
Modified
2024-03-13 03:31
Severity
Details
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
{ "affected": [], "aliases": [ "CVE-2023-45232" ], "database_specific": { "cwe_ids": [ "CWE-835" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-01-16T16:15:12Z", "severity": "HIGH" }, "details": " EDK2\u0027s Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.\n\n", "id": "GHSA-3r3p-444m-2g4p", "modified": "2024-03-13T03:31:06Z", "published": "2024-01-16T18:31:09Z", "references": [ { "type": "WEB", "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45232" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20240307-0011" }, { "type": "WEB", "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }
Loading...