Home > Vulnerability Database > CVE-2023-45232

Mend.io Vulnerability Database

CVE-2023-45232

Good to know:

Date: January 16, 2024

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

Language: C

Severity Score

7.5

Related Resources (7)

Url: https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

Url: http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

Url: http://www.openwall.com/lists/oss-security/2024/01/16/2

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

Url: https://security.netapp.com/advisory/ntap-20240307-0011/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-45232

Url: https://www.mend.io/vulnerability-database/CVE-2023-45232

Severity Score

7.5

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

Top Fix

Upgrade Version

Upgrade to version 202402

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-45232

Good to know:

Date: January 16, 2024

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?