CVE-2023-45233
Infinite loop in EDK II Network Package
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Availability.
EDK2's Network Package es susceptible a una vulnerabilidad de bucle infinito al analizar una opción PadN en el encabezado Destination Options de IPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de disponibilidad.
The Network Package in EDK2 is vulnerable to an infinite loop exploit when parsing a PadN option within the Destination Options header of IPv6. This flaw allows an unauthorized attacker to gain access and potentially result in a loss of system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-10-05 CVE Reserved
- 2024-01-16 CVE Published
- 2024-08-02 CVE Updated
- 2024-11-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (7)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h | 2024-03-13 | |
| https://access.redhat.com/security/cve/CVE-2023-45233 | 2024-10-15 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2258694 | 2024-10-15 |