CVE-2023-45232
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TianoCore | edk2 | edk2-stable202308 | affected |
Weaknesses
- CWE-835: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
- http://www.openwall.com/lists/oss-security/2024/01/16/2
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
- https://security.netapp.com/advisory/ntap-20240307-0011/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/
- https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html
- https://www.kb.cert.org/vuls/id/132380
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
- http://www.openwall.com/lists/oss-security/2024/01/16/2
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
- https://security.netapp.com/advisory/ntap-20240307-0011/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.