Doug Flick

**Name of the Vulnerable Software and Affected Versions** EDK2 (affected versions not specified) **Description** The EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number, which can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. This issue can allow a remote attacker to obtain unauthorized access to confidential data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EDK2 (affected versions not specified) **Description** The issue is related to a buffer overflow vulnerability in the DHCPv6 Advertise Message Handler component of the EDK2 library. This vulnerability can be exploited by an attacker to gain unauthorized access, potentially leading to a loss of confidentiality, integrity, and/or availability. The vulnerability occurs when processing the DNS Servers option from a DHCPv6 Advertise message. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EDK2 (affected versions not specified) **Description** The issue is related to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect messages in EDK2's Network Package. This can be exploited by an attacker to gain unauthorized access, potentially leading to a loss of confidentiality. The vulnerability is also associated with a buffer overflow in the Ip6ProcessRedirect function of the Tianocore edk2 library. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EDK2 (affected versions not specified) **Description** The EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA NA or IA TA option in a DHCPv6 Advertise message. This can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. The vulnerability is related to insufficient access control in the Dhcp6HandleAdvertiseMsg function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EDK2 (affected versions not specified) **Description** The issue is related to a buffer overflow vulnerability in the Dhcp6SendRequestMsg function of the Tianocore edk2 library, specifically in the NetworkPkg/Dhcp6Dxe/Dhcp6Io.c file. This vulnerability can be exploited by an attacker to gain unauthorized access, potentially leading to a loss of confidentiality, integrity, and/or availability. The vulnerability is caused by a long server ID option in the DHCPv6 client. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EDK2 (affected versions not specified) **Description** The issue is related to an infinite loop vulnerability in EDK2's Network Package when parsing unknown options in the Destination Options header of IPv6. This can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. The vulnerability is also associated with a buffer overflow in the IPv6 Options Header Handler component of the Tianocore EDK2 library, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EDK2 (affected versions not specified) **Description** The issue is related to a buffer overflow vulnerability in EDK2's Network Package when handling the Server ID option from a DHCPv6 proxy Advertise message. This can be exploited by an attacker to gain unauthorized access, potentially leading to a loss of Confidentiality, Integrity, and/or Availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EDK2 (affected versions not specified) **Description** The issue is related to a heap buffer overflow vulnerability in the `Tcg2MeasureGptTable()` function. This vulnerability can be triggered via a local network, potentially compromising confidentiality, integrity, and/or availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EDK2 (affected versions not specified) **Description** The issue is related to a heap buffer overflow vulnerability in the `Tcg2MeasurePeImage()` function. This vulnerability can be triggered via a local network, potentially compromising confidentiality, integrity, and/or availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EDK2 (affected versions not specified) **Description** The EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number, which can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. The vulnerability is related to errors in the code generator of pseudorandom numbers when handling the `Seed` parameter in the `NetRandomInitSeed()` function of the Tianocore edk2 library. This can allow a remote attacker to gain unauthorized access to protected information or cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EDK2 (affected versions not specified) **Description** The issue is related to an infinite loop vulnerability in EDK2's Network Package when parsing a PadN option in the Destination Options header of IPv6. This can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. The vulnerability is associated with the function `Ip6IsOptionValid()` and the processing of the `PadN` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.