PT-2024-1143 · Edk2+10 · Edk2+10

Doug Flick

Published

2024-01-16

Updated

2026-03-03

CVE-2023-45229

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions EDK2 (affected versions not specified)

Description The EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA NA or IA TA option in a DHCPv6 Advertise message. This can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. The vulnerability is related to insufficient access control in the Dhcp6HandleAdvertiseMsg function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2024:2264

ALSA-2024:3017

ALT-PU-2024-14732

ALT-PU-2024-14734

ALT-PU-2024-14950

AZL-38455

AZL-39085

AZL-39436

BDU:2024-00459

CESA-2024_3017

CVE-2023-45229

DLA-4207-1

DSA-5624-1

GHSA-HC6X-CW6P-GJ7H

INFSA-2024_2264

INFSA-2024_3017

OESA-2024-1280

OESA-2024-1315

OPENSUSE-SU-2024:14199-1

OPENSUSE-SU-2025_0407-1

OPENSUSE-SU-2025_0421-1

OPENSUSE-SU-2025_0503-1

OPENSUSE-SU-2025_0752-1

RHSA-2024:2264

RHSA-2024:3017

RHSA-2024:4419

RHSA-2024_2264

RHSA-2024_3017

RLSA-2024:2264

SUSE-SU-2025:03076-1

SUSE-SU-2025:03096-1

SUSE-SU-2025:0407-1

SUSE-SU-2025:0421-1

SUSE-SU-2025:0503-1

SUSE-SU-2025:0752-1

SUSE-SU-2025_03076-1

SUSE-SU-2025_0407-1

SUSE-SU-2025_0421-1

SUSE-SU-2025_0503-1

SUSE-SU-2025_0752-1

SUSE-SU-2026:20037-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Edk2

Red Hat

Red Os

Rocky Linux

Suse

Zvirt Node

PT-2024-1143 · Edk2+10 · Edk2+10

CVE-2023-45229

Weakness Enumeration

Related Identifiers

Affected Products

References · 131