Vulnerabilities > Tianocore
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2023-45229 | Out-of-bounds Read vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. | 6.5 |
| 2024-01-16 | CVE-2023-45230 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. | 8.8 |
| 2024-01-16 | CVE-2023-45231 | Out-of-bounds Read vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. | 6.5 |
| 2024-01-16 | CVE-2023-45232 | Infinite Loop vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. | 7.5 |
| 2024-01-16 | CVE-2023-45233 | Infinite Loop vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. | 7.5 |
| 2024-01-16 | CVE-2023-45234 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. | 8.8 |
| 2024-01-16 | CVE-2023-45235 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. | 8.8 |
| 2024-01-16 | CVE-2023-45236 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. | 7.5 |
| 2024-01-16 | CVE-2023-45237 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. | 7.5 |
| 2024-01-09 | CVE-2022-36763 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2 EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. | 7.8 |