CVE-2023-45232

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-45232

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45232.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-45232

Related

Published

2024-01-16T16:15:12Z

Modified

2025-01-14T12:01:46.805344Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

References

Affected packages

Debian:11 / edk2

Package

Name: edk2
Purl: pkg:deb/debian/edk2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2020.*

2020.11-2

2020.11-2+deb11u1

2020.11-2+deb11u2

2020.11-3

2020.11-4

2020.11-5

2021.*

2021.02-1

2021.05-1

2021.08~rc0-1

2021.08~rc0-2

2021.08-1

2021.08-2

2021.08-3

2021.11~rc1-1

2021.11-1

2021.11-2

2022.*

2022.02~rc1-1

2022.02-1

2022.02-2

2022.02-3

2022.05~rc1-1

2022.05-1

2022.05-2

2022.05-3

2022.05-4

2022.08-1

2022.11-1

2022.11-2

2022.11-3

2022.11-4

2022.11-5

2022.11-6

2023.*

2023.02-1

2023.02-2

2023.05-1

2023.05-2

2023.08-1

2023.11-1

2023.11-2

2023.11-3

2023.11-4

2023.11-5

2023.11-6

2023.11-7

2023.11-8

2024.*

2024.02-1

2024.02-2

2024.05-1

2024.05-2

2024.08-1

2024.08-2

2024.08-3

2024.08-4

2024.11-1

2024.11-2

2024.11-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / edk2

Package

Name: edk2
Purl: pkg:deb/debian/edk2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2022.11-6+deb12u1

Affected versions

2022.*

2022.11-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / edk2

Package

Name: edk2
Purl: pkg:deb/debian/edk2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2023.11-6

Affected versions

2022.*

2022.11-6

2023.*

2023.02-1

2023.02-2

2023.05-1

2023.05-2

2023.08-1

2023.11-1

2023.11-2

2023.11-3

2023.11-4

2023.11-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/tianocore/edk2

Affected ranges

Type: GIT
Repo: https://github.com/tianocore/edk2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

8736b8fdca85e02933cdb0a13309de14c9799ece

Affected versions

Other

edk2-stable201808

edk2-stable201811

edk2-stable201903

edk2-stable201905

edk2-stable201908

edk2-stable201911

edk2-stable202002

edk2-stable202005

edk2-stable202008

edk2-stable202011

edk2-stable202102

edk2-stable202105

edk2-stable202108

edk2-stable202108-rc0

edk2-stable202108-rc1

edk2-stable202111

edk2-stable202111-rc1

edk2-stable202202

edk2-stable202202-rc1

edk2-stable202205

edk2-stable202205-rc1

edk2-stable202208

edk2-stable202211

edk2-stable202302

edk2-stable202305

edk2-stable202308

edk2-stable202311