CVE-2023-45232
Infinite loop in EDK II Network Package
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
EDK2's Network Package es susceptible a una vulnerabilidad de bucle infinito al analizar opciones desconocidas en el encabezado Destination Options de IPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de disponibilidad.
A security loophole involving an infinite loop was identified in EDK2, the open-source reference implementation of the UEFI specification. This weakness enables an unauthorized attacker to exploit system availability by sending a specifically crafted Destination Options IPv6 header.
An update for edk2 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-10-05 CVE Reserved
- 2024-01-16 CVE Published
- 2024-01-17 First Exploit
- 2025-02-13 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (8)
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/176574 | 2024-01-17 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h | 2024-03-13 | |
| https://access.redhat.com/security/cve/CVE-2023-45232 | 2024-10-15 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2258691 | 2024-10-15 |