CVE-2023-45232
Infinite loop in EDK II Network Package
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Availability.
EDK2's Network Package es susceptible a una vulnerabilidad de bucle infinito al analizar opciones desconocidas en el encabezado Destination Options de IPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de disponibilidad.
A security loophole involving an infinite loop was identified in EDK2, the open-source reference implementation of the UEFI specification. This weakness enables an unauthorized attacker to exploit system availability by sending a specifically crafted Destination Options IPv6 header.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-10-05 CVE Reserved
- 2024-01-16 CVE Published
- 2024-08-02 CVE Updated
- 2024-09-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (7)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h | 2024-03-13 | |
| https://access.redhat.com/security/cve/CVE-2023-45232 | 2024-10-15 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2258691 | 2024-10-15 |