ГлавнаяУязвимости → CVE-2023-45232
7.5высокая

CVE-2023-45232

→ есть в БДУ: BDU:2024-00646 (на русском)
Описание (на английском; русское — в БДУ выше)

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

Затрагиваемое ПО
Tianocore Edk2
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.htmlhttp://www.openwall.com/lists/oss-security/2024/01/16/2https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7hhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/https://security.netapp.com/advisory/ntap-20240307-0011/http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.htmlhttp://www.openwall.com/lists/oss-security/2024/01/16/2https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h