CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45236 – Predictable TCP ISNs in EDK II Network Package
https://notcve.org/view.php?id=CVE-2023-45236
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. EDK2's Network Package es susceptible a Initial Sequence Number TCP predecible. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de confidencialidad. A security flaw has been identified in EDK2, the open-source reference implementation of the UEFI specification. • http://www.openwall.com/lists/oss-security/2024/01/16/2 https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h https://security.netapp.com/advisory/ntap-20240307-0011 https://access.redhat.com/security/cve/CVE-2023-45236 https://bugzilla.redhat.com/show_bug.cgi?id=2258703 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45231 – Out-of-Bounds Read in EDK II Network Package
https://notcve.org/view.php?id=CVE-2023-45231
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. El paquete de red de EDK2 es susceptible a una vulnerabilidad de lectura fuera de los límites al procesar el mensaje de redirección de descubrimiento de vecinos. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de confidencialidad. A security loophole involving an out-of-bounds read was identified in EDK2, the open-source reference implementation of the UEFI specification. • http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html http://www.openwall.com/lists/oss-security/2024/01/16/2 https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ https://security.netapp.com/advisory/ntap-20240307-0011 https://access.redhat.com/security/cve/CVE-2023-45231 https://bugzilla.redhat.com/show_bug.cgi?id=2258688 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45230 – Buffer Overflow in EDK II Network Package
https://notcve.org/view.php?id=CVE-2023-45230
EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. EDK2's Network Package es susceptible a una vulnerabilidad de desbordamiento de búfer a través de una opción de ID de servidor larga en el cliente DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de confidencialidad, integridad y/o disponibilidad. A security flaw was identified in EDK2, the open-source reference implementation of the UEFI specification, involving a buffer overflow vulnerability. • http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html http://www.openwall.com/lists/oss-security/2024/01/16/2 https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ https://security.netapp.com/advisory/ntap-20240307-0011 https://access.redhat.com/security/cve/CVE-2023-45230 https://bugzilla.redhat.com/show_bug.cgi?id=2258685 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45229 – Out-of-Bounds Read in EDK II Network Package
https://notcve.org/view.php?id=CVE-2023-45229
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. EDK2's Network Package es susceptible a una vulnerabilidad de lectura fuera de los límites cuando procesa la opción IA_NA o IA_TA en un mensaje de publicidad DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de confidencialidad. A vulnerability has been identified in the NetworkPkg IP stack of EDK2, the open-source reference implementation of the UEFI specification. • http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html http://www.openwall.com/lists/oss-security/2024/01/16/2 https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h https://security.netapp.com/advisory/ntap-20240307-0011 https://access.redhat.com/security/cve/CVE-2023-45229 https://bugzilla.redhat.com/show_bug.cgi?id=2258677 • CWE-125: Out-of-bounds Read CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36765 – Integer Overflow in CreateHob
https://notcve.org/view.php?id=CVE-2022-36765
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. EDK2 es susceptible a una vulnerabilidad en la función CreateHob(), lo que permite a un usuario activar un desbordamiento de enteros para desbordar el búfer a través de una red local. La explotación exitosa de esta vulnerabilidad puede resultar en un compromiso de confidencialidad, integridad y/o disponibilidad. A flaw was found in the CreateHob() function in EDK2. • https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ https://access.redhat.com/security/cve/CVE-2022-36765 https://bugzilla.redhat.com/show_bug.cgi?id=2257584 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-680: Integer Overflow to Buffer Overflow •