PT-2024-1249 · Tianocore+12 · Edk2+12

Doug Flick · Published 2024-01-16 · Updated 2026-01-21 · CVE-2023-45232

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

EDK2 (affected versions not specified)

Description

The issue is related to an infinite loop vulnerability in EDK2's Network Package when parsing unknown options in the Destination Options header of IPv6. This can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. The vulnerability is also associated with a buffer overflow in the IPv6 Options Header Handler component of the Tianocore EDK2 library, which can be exploited by a remote attacker to cause a denial of service.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Infinite Loop

Improper Resource Release

Weakness Enumeration

Related Identifiers

ALSA-2024:2264
ALSA-2024:3017
ALT-PU-2024-14732
ALT-PU-2024-14734
ALT-PU-2024-14950
AZL-38227
AZL-39346
AZL-39553
BDU:2024-00646
CESA-2024_3017
CVE-2023-45232
DLA-4207-1
DSA-5624-1
GHSA-HC6X-CW6P-GJ7H
INFSA-2024_2264
INFSA-2024_3017
OESA-2024-1314
OESA-2024-1315
OESA-2024-1316
OESA-2024-1317
OESA-2024-1318
OESA-2024-1319
OPENSUSE-SU-2024:14199-1
OPENSUSE-SU-2025_0407-1
OPENSUSE-SU-2025_0421-1
OPENSUSE-SU-2025_0503-1
OPENSUSE-SU-2025_0752-1
RHSA-2024:2264
RHSA-2024:3017
RHSA-2024:8104
RHSA-2024_2264
RHSA-2024_3017
RLSA-2024:2264
SUSE-SU-2025:0407-1
SUSE-SU-2025:0421-1
SUSE-SU-2025:0503-1
SUSE-SU-2025:0752-1
SUSE-SU-2025_0421-1
SUSE-SU-2025_0503-1
SUSE-SU-2026:0196-1
USN-6638-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
EDK2
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
zVirt Node