Vulnerabilities > Tianocore

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2023-45229 Out-of-bounds Read vulnerability in Tianocore Edk2
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message.
low complexity
tianocore CWE-125
6.5
2024-01-16 CVE-2023-45230 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2
EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client.
low complexity
tianocore CWE-119
8.8
2024-01-16 CVE-2023-45231 Out-of-bounds Read vulnerability in Tianocore Edk2
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing  Neighbor Discovery Redirect message.
low complexity
tianocore CWE-125
6.5
2024-01-16 CVE-2023-45232 Infinite Loop vulnerability in Tianocore Edk2
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6.
network
low complexity
tianocore CWE-835
7.5
2024-01-16 CVE-2023-45233 Infinite Loop vulnerability in Tianocore Edk2
EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6.
network
low complexity
tianocore CWE-835
7.5
2024-01-16 CVE-2023-45234 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2
EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message.
low complexity
tianocore CWE-119
8.8
2024-01-16 CVE-2023-45235 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2
EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message.
low complexity
tianocore CWE-119
8.8
2024-01-16 CVE-2023-45236 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Tianocore Edk2
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number.
network
low complexity
tianocore CWE-338
7.5
2024-01-16 CVE-2023-45237 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Tianocore Edk2
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number.
network
low complexity
tianocore CWE-338
7.5
2024-01-09 CVE-2022-36763 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network.
local
low complexity
tianocore CWE-119
7.8