Unrated severity · NVD Advisory · Published Jan 16, 2024 · Updated Nov 4, 2025
Buffer Overflow in EDK II Network Package
CVE-2023-45234
Description
EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing the DNS Servers option from a DHCPv6 Advertise message. An attacker can exploit this vulnerability to gain unauthorized access, potentially leading to a loss of Confidentiality, Integrity and/or Availability.
Affected products
- TianoCore/edk2 · v5 · Range: edk2-stable202308
Patches
No patches discovered yet.
References
- github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h (mitre, vendor-advisory)
- packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html (mitre)
- www.openwall.com/lists/oss-security/2024/01/16/2 (mitre)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/ (mitre)
- security.netapp.com/advisory/ntap-20240307-0011/ (mitre)
News mentions
- ABB B&R PCs (CISA ICS Advisories)