Unrated severity · NVD Advisory · Published Jan 16, 2024 · Updated Nov 4, 2025
Infinite loop in EDK II Network Package
CVE-2023-45232
Description
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
Affected products
- TianoCore/edk2, v5, Range: edk2-stable202308
Patches
No patches discovered yet.
References
- github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h (mitre, vendor-advisory)
- packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html (mitre)
- www.openwall.com/lists/oss-security/2024/01/16/2 (mitre)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/ (mitre)
- security.netapp.com/advisory/ntap-20240307-0011/ (mitre)
News mentions
- ABB B&R PCs (CISA ICS Advisories)