Fluid Attacks Database

Description

EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	edk2	=2020.11-2 \|\| =2020.11-2+deb11u1 \|\| =2020.11-2+deb11u2 \|\| >=0 <2020.11-2+deb11u3	2020.11-2+deb11u3
debian 12	edk2	=2022.11-6 \|\| >=0 <2022.11-6+deb12u1	2022.11-6+deb12u1
debian 13	edk2	>=0 <2023.11-6	2023.11-6
debian 14	edk2	>=0 <2023.11-6	2023.11-6
rpm rhel8	edk2	<0:20220126gitbb1bba3d77-6.el8_9.6	0:20220126gitbb1bba3d77-6.el8_9.6
rpm rhel8.6	edk2	<0:20220126gitbb1bba3d77-2.el8_6.4	0:20220126gitbb1bba3d77-2.el8_6.4
rpm rhel8.8	edk2	<0:20220126gitbb1bba3d77-4.el8_8.3	0:20220126gitbb1bba3d77-4.el8_8.3
rpm rhel9	edk2	<0:20230524-4.el9_3.2	0:20230524-4.el9_3.2
rpm rhel9.0	edk2	<0:20220126gitbb1bba3d77-3.el9_0.4	0:20220126gitbb1bba3d77-3.el9_0.4
rpm rhel9.2	edk2	<0:20221207gitfff6d81270b5-9.el9_2.2	0:20221207gitfff6d81270b5-9.el9_2.2

Aliases

1. CVE-2023-452342. NVD-2023-452343. OSV-DEBIAN-2023-452344. OSV-2023-452345. SECURITY-TRACKER-CVE-2023-45234

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.