CVE-2023-45232

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", "name": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", "name": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "name": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "tags": ["Mailing List"], "refsource": ""}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "name": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "tags": ["Mailing List"], "refsource": ""}, {"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h", "name": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h", "name": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/", "tags": [], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/", "tags": [], "refsource": ""}, {"url": "https://security.netapp.com/advisory/ntap-20240307-0011/", "name": "https://security.netapp.com/advisory/ntap-20240307-0011/", "tags": [], "refsource": ""}, {"url": "https://security.netapp.com/advisory/ntap-20240307-0011/", "name": "https://security.netapp.com/advisory/ntap-20240307-0011/", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-835"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-45232", "ASSIGNER": "infosec@edk2.groups.io"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2024-01-16T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "202311"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-02-13T18:15Z"}