CVE-2023-45234 - OpenCVE

EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Tianocore	Edk2

Configuration 1 [-]

cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html	Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2024/01/16/2	Mailing List
https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h	Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/
https://security.netapp.com/advisory/ntap-20240307-0011/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: TianoCore

Published: 2024-01-16T16:14:28.209Z

Updated: 2024-01-16T16:14:28.209Z

Reserved: 2023-10-05T20:48:19.879Z

Link: CVE-2023-45234

JSON object: View

NVD Information

Status : Modified

Published: 2024-01-16T16:15:12.460

Modified: 2024-03-13T02:15:50.513

Link: CVE-2023-45234

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-45234", "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "state": "PUBLISHED", "assignerShortName": "TianoCore", "dateReserved": "2023-10-05T20:48:19.879Z", "datePublished": "2024-01-16T16:14:28.209Z", "dateUpdated": "2024-01-16T16:14:28.209Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "edk2", "vendor": "TianoCore", "versions": [{"status": "affected", "version": "edk2-stable202308"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Quarkslab Vulnerability Reports Team"}, {"lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Doug Flick"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": " EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\n\n"}], "value": " EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\n\n"}], "impacts": [{"capecId": "CAPEC-540", "descriptions": [{"lang": "en", "value": "CAPEC-540 Overread Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore", "dateUpdated": "2024-01-16T16:14:28.209Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"}, {"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"}, {"url": "https://security.netapp.com/advisory/ntap-20240307-0011/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/"}], "source": {"discovery": "UNKNOWN"}, "title": "Buffer Overflow in EDK II Network Package", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CEB3105-57CC-4096-81D3-D58005813C4B", "versionEndIncluding": "202311", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": " EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\n\n"}, {"lang": "es", "value": "EDK2's Network Package es susceptible a una vulnerabilidad de desbordamiento de b\u00fafer al procesar la opci\u00f3n de servidores DNS desde un mensaje de publicidad DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad."}], "id": "CVE-2023-45234", "lastModified": "2024-03-13T02:15:50.513", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "infosec@edk2.groups.io", "type": "Secondary"}]}, "published": "2024-01-16T16:15:12.460", "references": [{"source": "infosec@edk2.groups.io", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"}, {"source": "infosec@edk2.groups.io", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"}, {"source": "infosec@edk2.groups.io", "tags": ["Vendor Advisory"], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"}, {"source": "infosec@edk2.groups.io", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/"}, {"source": "infosec@edk2.groups.io", "url": "https://security.netapp.com/advisory/ntap-20240307-0011/"}], "sourceIdentifier": "infosec@edk2.groups.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "infosec@edk2.groups.io", "type": "Secondary"}]}