CVE-2023-45230
Buffer Overflow in EDK II Network Package
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
EDK2's Network Package es susceptible a una vulnerabilidad de desbordamiento de búfer a través de una opción de ID de servidor larga en el cliente DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de confidencialidad, integridad y/o disponibilidad.
A security flaw was identified in EDK2, the open-source reference implementation of the UEFI specification, involving a buffer overflow vulnerability. This particular weakness enables an unauthorized attacker within the vicinity of the network to transmit a specifically crafted DHCPv6 message. This, in turn, could result in an information disclosure and compromise the availability of the system.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-10-05 CVE Reserved
- 2024-01-16 CVE Published
- 2024-01-24 EPSS Updated
- 2024-10-22 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-787: Out-of-bounds Write
CAPEC
- CAPEC-540: Overread Buffers
References (7)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h | 2024-03-13 | |
| https://access.redhat.com/security/cve/CVE-2023-45230 | 2024-05-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2258685 | 2024-05-30 |