{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-45229", "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "state": "PUBLISHED", "assignerShortName": "TianoCore", "dateReserved": "2023-10-05T20:48:19.877Z", "datePublished": "2024-01-16T16:07:31.826Z", "dateUpdated": "2025-02-13T17:13:53.156Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "edk2", "vendor": "TianoCore", "versions": [{"status": "affected", "version": "edk2-stable202308"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Quarkslab Vulnerability Reports Team"}, {"lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Doug Flick"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "EDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality."}], "value": "EDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality."}], "impacts": [{"capecId": "CAPEC-540", "descriptions": [{"lang": "en", "value": "CAPEC-540 Overread Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore", "dateUpdated": "2024-03-07T17:06:42.254Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"}, {"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"}, {"url": "https://security.netapp.com/advisory/ntap-20240307-0011/"}], "source": {"discovery": "UNKNOWN"}, "title": "Out-of-Bounds Read in EDK II Network Package", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:14:19.771Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240307-0011/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CEB3105-57CC-4096-81D3-D58005813C4B", "versionEndIncluding": "202311", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "EDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality."}, {"lang": "es", "value": "EDK2's Network Package es susceptible a una vulnerabilidad de lectura fuera de los l\u00edmites cuando procesa la opci\u00f3n IA_NA o IA_TA en un mensaje de publicidad DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de confidencialidad."}], "id": "CVE-2023-45229", "lastModified": "2024-11-21T08:26:35.603", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "infosec@edk2.groups.io", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-16T16:15:11.533", "references": [{"source": "infosec@edk2.groups.io", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"}, {"source": "infosec@edk2.groups.io", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"}, {"source": "infosec@edk2.groups.io", "tags": ["Vendor Advisory"], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"}, {"source": "infosec@edk2.groups.io", "url": "https://security.netapp.com/advisory/ntap-20240307-0011/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240307-0011/"}], "sourceIdentifier": "infosec@edk2.groups.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "infosec@edk2.groups.io", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3017", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "edk2-0:20220126gitbb1bba3d77-13.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:2264", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "edk2-0:20231122-6.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:4419", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "edk2-0:20221207gitfff6d81270b5-9.el9_2.3", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-09T00:00:00Z"}], "bugzilla": {"description": "edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message", "id": "2258677", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258677"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "(CWE-119|CWE-125|CWE-338|CWE-835)", "details": ["EDK2's Network Package is susceptible to an out-of-bounds read\nvulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\nvulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.", "A vulnerability has been identified in the NetworkPkg IP stack of EDK2, the open-source reference implementation of the UEFI specification. This flaw enables an unauthenticated attacker within the same network vicinity to transmit a specifically crafted DHCPv6 message. Exploiting this vulnerability may result in unauthorized access to memory beyond its boundaries, potentially leading to the exposure of sensitive information."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-45229", "public_date": "2024-01-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-45229\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-45229\nhttps://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html\nhttps://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"], "statement": "The identified flaw in the NetworkPkg IP stack within the EDK2, an open-source UEFI implementation, poses a moderate security concern. This vulnerability allows an unauthenticated attacker within the same network to exploit via a crafted DHCPv6 message, potentially leading to the unauthorized access of memory beyond its designated boundaries. While the issue has the potential to leak sensitive information, its impact is considered moderate, requiring an attacker to be within the adjacent network for successful exploitation.", "threat_severity": "Moderate"}