Vulnerability Details CVE-2023-45234
EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.0%
CVSS Severity
CVSS v3 Score 8.3
References
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
- http://www.openwall.com/lists/oss-security/2024/01/16/2
- https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/
- https://security.netapp.com/advisory/ntap-20240307-0011/
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
- http://www.openwall.com/lists/oss-security/2024/01/16/2
- https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/
- https://security.netapp.com/advisory/ntap-20240307-0011/
Products affected by CVE-2023-45234
-
cpe:2.3:a:tianocore:edk2:-
-
cpe:2.3:a:tianocore:edk2:2017-11-07
-
cpe:2.3:a:tianocore:edk2:201808
-
cpe:2.3:a:tianocore:edk2:201811
-
cpe:2.3:a:tianocore:edk2:201903
-
cpe:2.3:a:tianocore:edk2:201905
-
cpe:2.3:a:tianocore:edk2:201908
-
cpe:2.3:a:tianocore:edk2:201911
-
cpe:2.3:a:tianocore:edk2:2020-10-21
-
cpe:2.3:a:tianocore:edk2:202002
-
cpe:2.3:a:tianocore:edk2:202005
-
cpe:2.3:a:tianocore:edk2:202008
-
cpe:2.3:a:tianocore:edk2:202011
-
cpe:2.3:a:tianocore:edk2:202102
-
cpe:2.3:a:tianocore:edk2:202105
-
cpe:2.3:a:tianocore:edk2:202108
-
cpe:2.3:a:tianocore:edk2:202111
-
cpe:2.3:a:tianocore:edk2:202202
-
cpe:2.3:a:tianocore:edk2:202205
-
cpe:2.3:a:tianocore:edk2:202208
-
cpe:2.3:a:tianocore:edk2:202211
-
cpe:2.3:a:tianocore:edk2:202302
-
cpe:2.3:a:tianocore:edk2:202305
-
cpe:2.3:a:tianocore:edk2:202308
-
cpe:2.3:a:tianocore:edk2:202311