Unrated severityNVD Advisory· Published Jan 16, 2024· Updated Nov 4, 2025
Infinite loop in EDK II Network Package
CVE-2023-45232
Description
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
31- osv-coords29 versionspkg:rpm/almalinux/edk2-aarch64pkg:rpm/almalinux/edk2-ovmfpkg:rpm/almalinux/edk2-toolspkg:rpm/almalinux/edk2-tools-docpkg:rpm/opensuse/ovmf&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/ovmf&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ovmf&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6pkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/ovmf&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/ovmf&distro=SUSE%20Manager%20Server%204.3
< 20231122-6.el9+ 28 more
- (no CPE)range: < 20231122-6.el9
- (no CPE)range: < 20231122-6.el9
- (no CPE)range: < 20231122-6.el9
- (no CPE)range: < 20231122-6.el9
- (no CPE)range: < 202308-150600.5.9.1
- (no CPE)range: < 202402-1.1
- (no CPE)range: < 202008-150300.10.26.1
- (no CPE)range: < 202008-150300.10.26.1
- (no CPE)range: < 202202-150400.5.15.1
- (no CPE)range: < 202202-150400.5.15.1
- (no CPE)range: < 202208-150500.6.6.1
- (no CPE)range: < 202208-150500.6.6.1
- (no CPE)range: < 202008-150300.10.26.1
- (no CPE)range: < 202008-150300.10.26.1
- (no CPE)range: < 202202-150400.5.15.1
- (no CPE)range: < 202202-150400.5.15.1
- (no CPE)range: < 202208-150500.6.6.1
- (no CPE)range: < 202308-150600.5.9.1
- (no CPE)range: < 202308-150600.5.9.1
- (no CPE)range: < 2017+git1510945757.b2662641d5-3.55.1
- (no CPE)range: < 202008-150300.10.26.1
- (no CPE)range: < 202202-150400.5.15.1
- (no CPE)range: < 202208-150500.6.6.1
- (no CPE)range: < 202008-150300.10.26.1
- (no CPE)range: < 202202-150400.5.15.1
- (no CPE)range: < 202208-150500.6.6.1
- (no CPE)range: < 2017+git1510945757.b2662641d5-3.55.1
- (no CPE)range: < 202202-150400.5.15.1
- (no CPE)range: < 202202-150400.5.15.1
Patches
Vulnerability mechanics
References
5- github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7hmitrevendor-advisory
- packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.htmlmitre
- www.openwall.com/lists/oss-security/2024/01/16/2mitre
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/mitre
- security.netapp.com/advisory/ntap-20240307-0011/mitre
News mentions
1- ABB B&R PCsCISA ICS Advisories