CVE-2023-45234: Buffer Overflow in EDK II Network Package

Published Jan 16, 2024
·
Updated

EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

Other sources

https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html https://github.com/advisories/GHSA-mrjv-p9q7-rxgr

Red Hat

Affected Software

5 affected componentsFixes available
debian/edk2<=0~20181115.85588389-3+deb10u3, <=2020.11-2+deb11u1, <=2020.11-2+deb11u2, <=2022.11-6
2022.11-6+deb12u12024.02-2
ubuntu/edk2<0~20191122.
0~20191122.
ubuntu/edk2<2022.02-3ubuntu0.22.04.2
2022.02-3ubuntu0.22.04.2
ubuntu/edk2<2023.05-2ubuntu0.1
2023.05-2ubuntu0.1
Tianocore edk2<=202311

Event History

Jan 16, 2024
CVE Published
via Ubuntu·12:00 AM
CVE Published
via MITRE·04:14 PM
Data Sourced
via MITRE·04:14 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·04:15 PM
DescriptionSeverityWeaknessAffected Software
Jan 17, 2024
Data Sourced
via Red Hat·03:21 AM
DescriptionSeverityAffected Software
Mar 30, 2024
Data Sourced
via Launchpad·02:45 AM
Description

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2023-45234?

CVE-2023-45234 is identified as a high-severity vulnerability due to its potential for unauthorized access and information disclosure.

2

How do I fix CVE-2023-45234?

To mitigate CVE-2023-45234, update the affected EDK2 package to a version that addresses this vulnerability, such as 0~20191122 for Ubuntu Focal or 2022.11-6 for Debian.

3

Which software is affected by CVE-2023-45234?

CVE-2023-45234 affects the EDK2 package in various versions across several distributions, including Ubuntu and Debian.

4

What is the nature of CVE-2023-45234?

CVE-2023-45234 is a buffer overflow vulnerability that occurs when processing DNS Servers options from a DHCPv6 Advertise message.

5

Can CVE-2023-45234 lead to remote code execution?

Yes, CVE-2023-45234 can potentially allow an attacker to execute arbitrary code, leading to significant security risks.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203