Vulnerability Description
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tianocore | Edk2 | <= 202311 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.htmlThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2024/01/16/2Mailing List
- https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7hVendor Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://security.netapp.com/advisory/ntap-20240307-0011/
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.htmlThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2024/01/16/2Mailing List
- https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7hVendor Advisory
- https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://security.netapp.com/advisory/ntap-20240307-0011/
- https://www.kb.cert.org/vuls/id/132380
FAQ
What is CVE-2023-45232?
CVE-2023-45232 is a vulnerability with a CVSS score of 7.5 (HIGH). EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to g...
How severe is CVE-2023-45232?
CVE-2023-45232 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-45232?
Check the references section above for vendor advisories and patch information. Affected products include: Tianocore Edk2.