PT-2023-8396 · Edk2+12 · Edk2+12

Doug Flick

+1

·

Publicado

2023-08-03

·

Atualizado

2026-01-21

·

CVE-2023-45233

CVSS v2.0

7.8

Alta

VetorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions EDK2 (affected versions not specified)
Description The issue is related to an infinite loop vulnerability in EDK2's Network Package when parsing a PadN option in the Destination Options header of IPv6. This can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. The vulnerability is associated with the function Ip6IsOptionValid() and the processing of the PadN parameter.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Infinite Loop

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-835

Identificadores relacionados

ALSA-2024:2264
ALSA-2024:3017
ALSA-2024_2264
ALSA-2024_3017
ALSA-2025_16880
ALT-PU-2024-14732
ALT-PU-2024-14734
ALT-PU-2024-14950
AZL-38842
AZL-39355
AZL-39538
BDU:2024-00627
CESA-2024_3017
CVE-2023-45233
DLA-4207-1
DSA-5624-1
GHSA-HC6X-CW6P-GJ7H
INFSA-2024_2264
INFSA-2024_3017
OESA-2024-1314
OESA-2024-1315
OESA-2024-1316
OESA-2024-1317
OESA-2024-1318
OESA-2024-1319
OPENSUSE-SU-2025_0407-1
OPENSUSE-SU-2025_0421-1
OPENSUSE-SU-2025_0503-1
OPENSUSE-SU-2025_0752-1
RHSA-2024:2264
RHSA-2024:3017
RHSA-2024:8104
RHSA-2024_2264
RHSA-2024_3017
RLSA-2024:2264
SUSE-SU-2025:0407-1
SUSE-SU-2025:0421-1
SUSE-SU-2025:0503-1
SUSE-SU-2025:0752-1
SUSE-SU-2025_0421-1
SUSE-SU-2025_0503-1
SUSE-SU-2026:0196-1
USN-6638-1

Produtos afetados

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Edk2
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Zvirt Node