CVE-2023-45235— Buffer Overflow in EDK II Network Package

Buffer Overflow in EDK II Network Package

EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

内存缓冲区边界内操作的限制不恰当

EDK2 缓冲区错误漏洞

EDK2是Tianocore社区的一套基于UEFI和PI规范的跨平台固件开发环境。 EDK2 存在安全漏洞，该漏洞源于 Network Package 在处理 DHCPv6 代理广告消息中的服务器 ID 选项时容易受到缓冲区溢出漏洞的影响。

N/A

N/A