CVE-2023-45235
Public on 2024-01-16
Modified on 2024-02-08
Description
EDK2's Network Package is susceptible to a buffer overflow vulnerability when
handling Server ID option
from a DHCPv6 proxy Advertise message. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
handling Server ID option
from a DHCPv6 proxy Advertise message. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | edk2 | 2024-02-29 | ALAS2-2024-2483 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 8.3 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H |
| NVD | CVSSv3 | 8.3 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H |