CVE-2023-45234
Buffer Overflow in EDK II Network Package
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
EDK2's Network Package es susceptible a una vulnerabilidad de desbordamiento de búfer al procesar la opción de servidores DNS desde un mensaje de publicidad DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de confidencialidad, integridad y/o disponibilidad.
A security weakness was identified in EDK2, the open-source reference implementation of the UEFI specification, revealing a buffer overflow vulnerability. This vulnerability enables an unauthorized attacker within proximity on the network to transmit a specifically crafted DHCPv6 Advertise message. As a consequence, it results in the unauthorized disclosure of information and jeopardizes the availability of the system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-10-05 CVE Reserved
- 2024-01-16 CVE Published
- 2024-01-24 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
- CAPEC-540: Overread Buffers
References (7)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h | 2024-03-13 | |
| https://access.redhat.com/security/cve/CVE-2023-45234 | 2024-05-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2258697 | 2024-05-30 |