CVE-2023-45230

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions EDK2 (affected versions not specified)

Description The issue is related to a buffer overflow vulnerability in the Dhcp6SendRequestMsg function of the Tianocore edk2 library, specifically in the NetworkPkg/Dhcp6Dxe/Dhcp6Io.c file. This vulnerability can be exploited by an attacker to gain unauthorized access, potentially leading to a loss of confidentiality, integrity, and/or availability. The vulnerability is caused by a long server ID option in the DHCPv6 client.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

DoS

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787CWE-120

Related Identifiers

ALSA-2024:1063

ALSA-2024:1075

ALT-PU-2024-14732

ALT-PU-2024-14734

ALT-PU-2024-14950

AZL-38590

AZL-39106

AZL-39109

BDU:2024-00460

CESA-2024_1063

CVE-2023-45230

DLA-4207-1

DSA-5624-1

GHSA-HC6X-CW6P-GJ7H

OESA-2024-1314

OESA-2024-1315

OESA-2024-1316

OESA-2024-1317

OESA-2024-1318

OESA-2024-1319

OPENSUSE-SU-2024:14199-1

OPENSUSE-SU-2025_0407-1

OPENSUSE-SU-2025_0421-1

OPENSUSE-SU-2025_0503-1

OPENSUSE-SU-2025_0752-1

RHSA-2024:1004

RHSA-2024:1013

RHSA-2024:1063

RHSA-2024:1075

RHSA-2024:1076

RHSA-2024:1077

RHSA-2024:1415

RHSA-2024:3497

RHSA-2024_1063

RHSA-2024_1075

RLSA-2024:1063

SUSE-SU-2025:03076-1

SUSE-SU-2025:03096-1

SUSE-SU-2025:0407-1

SUSE-SU-2025:0421-1

SUSE-SU-2025:0503-1

SUSE-SU-2025:0752-1

SUSE-SU-2025_03076-1

SUSE-SU-2025_0421-1

SUSE-SU-2025_0503-1

SUSE-SU-2026:20037-1

USN-6638-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Edk2

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2023-45230

Weakness Enumeration

Related Identifiers

Affected Products

References · 127