Vulnerabilities > CVE-2023-45232 - Infinite Loop vulnerability in Tianocore Edk2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

tianocore

CWE-835

NVD

Published: 2024-01-16

Updated: 2024-03-13

Summary

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

Vulnerable Configurations

Part	Description	Count
Application	Tianocore Tianocore Edk2 - Tianocore Edk2 2017-11-07 Tianocore Edk2 2020-10-21 Tianocore Edk2 201808 Tianocore Edk2 201811 Tianocore Edk2 201903 Tianocore Edk2 201905 Tianocore Edk2 201908 Tianocore Edk2 201911 Tianocore Edk2 202002 Tianocore Edk2 202005 Tianocore Edk2 202008 Tianocore Edk2 202011 Tianocore Edk2 202102 Tianocore Edk2 202105 Tianocore Edk2 202108 Tianocore Edk2 202111 Tianocore Edk2 202202 Tianocore Edk2 202205 Tianocore Edk2 202208 Tianocore Edk2 202211 Tianocore Edk2 202302 Tianocore Edk2 202305 Tianocore Edk2 202308 Tianocore Edk2 202311	30

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References