CVE-2023-45229

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 16, 2024

Updated: Mar 7, 2024

CWE ID 125

Summary

CVE-2023-45229 is a newly identified vulnerability affecting EDK2's Network Package. The issue arises when processing specific options in a DHCPv6 Advertise message, leading to an out-of-bounds read vulnerability. An attacker can exploit this weakness to gain unauthorized access, potentially resulting in a significant loss of Confidentiality. This vulnerability underscores the importance of prompt patching and securing network infrastructure against such threats.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

TianoCore EDK II

Affected Vendors

Tianocore

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s5u8uC
https://www.cve.org/CVERecord?id=CVE-2023-45229
https://nvd.nist.gov/vuln/detail/CVE-2023-45229

Back to Vulnerability Database