UBUNTU-CVE-2023-45232
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2023-45232
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-45232.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-45232
- Related
- Published
- 2024-01-16T16:15:00Z
- Modified
- 2024-01-16T16:15:00Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
- References
-
- https://ubuntu.com/security/CVE-2023-45232
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
- https://www.openwall.com/lists/oss-security/2024/01/16/2
- https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
- https://ubuntu.com/security/notices/USN-6638-1
- https://www.cve.org/CVERecord?id=CVE-2023-45232
Affected packages
Ubuntu:Pro:16.04:LTS / edk2
Package
- Name
- edk2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:18.04:LTS / edk2
Package
- Name
- edk2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0~20170911.*
0~20170911.5dfba97c-1
0~20171010.*
0~20171010.234dbcef-1
0~20171027.*
0~20171027.76fd5a66-1
0~20171205.*
0~20171205.a9212288-1
0~20180105.*
0~20180105.0bc94c74-1
0~20180205.*
0~20180205.c0d9813c-1
0~20180205.c0d9813c-2
0~20180205.c0d9813c-2ubuntu0.1
0~20180205.c0d9813c-2ubuntu0.2
0~20180205.c0d9813c-2ubuntu0.3
0~20180205.c0d9813c-2ubuntu0.3+esm1
Ubuntu:20.04:LTS / edk2
Package
- Name
- edk2
- Purl
- pkg:deb/ubuntu/edk2@0~20191122.bd85bf54-2ubuntu3.5?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0~20191122.bd85bf54-2ubuntu3.5
Affected versions
0~20190606.*
0~20190606.20d2e5a1-2ubuntu1
0~20190828.*
0~20190828.37eef910-3
0~20190828.37eef910-4
0~20191122.*
0~20191122.bd85bf54-1
0~20191122.bd85bf54-1ubuntu1
0~20191122.bd85bf54-2
0~20191122.bd85bf54-2ubuntu1
0~20191122.bd85bf54-2ubuntu2
0~20191122.bd85bf54-2ubuntu3
0~20191122.bd85bf54-2ubuntu3.1
0~20191122.bd85bf54-2ubuntu3.2
0~20191122.bd85bf54-2ubuntu3.3
0~20191122.bd85bf54-2ubuntu3.4
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"qemu-efi-aarch64": "0~20191122.bd85bf54-2ubuntu3.5",
"ovmf": "0~20191122.bd85bf54-2ubuntu3.5",
"qemu-efi": "0~20191122.bd85bf54-2ubuntu3.5",
"qemu-efi-arm": "0~20191122.bd85bf54-2ubuntu3.5"
}
]
}
Ubuntu:22.04:LTS / edk2
Package
- Name
- edk2
- Purl
- pkg:deb/ubuntu/edk2@2022.02-3ubuntu0.22.04.2?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2022.02-3ubuntu0.22.04.2
Affected versions
2021.*
2021.08~rc0-2
2021.08-3
2021.11~rc1-1
2021.11-1
2021.11-2
2022.*
2022.02~rc1-1
2022.02~rc1-1ubuntu1
2022.02-1
2022.02-2
2022.02-3
2022.02-3ubuntu0.22.04.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"ovmf-ia32": "2022.02-3ubuntu0.22.04.2",
"qemu-efi-aarch64": "2022.02-3ubuntu0.22.04.2",
"ovmf": "2022.02-3ubuntu0.22.04.2",
"qemu-efi": "2022.02-3ubuntu0.22.04.2",
"qemu-efi-arm": "2022.02-3ubuntu0.22.04.2"
}
]
}
Ubuntu:24.04:LTS / edk2
Package
- Name
- edk2
- Purl
- pkg:deb/ubuntu/edk2@2023.11-6?arch=src?distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2023.11-6
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"qemu-efi-riscv64": "2023.11-6",
"efi-shell-riscv64": "2023.11-6",
"efi-shell-arm": "2023.11-6",
"qemu-efi-arm": "2023.11-6",
"ovmf-ia32": "2023.11-6",
"efi-shell-ia32": "2023.11-6",
"qemu-efi-aarch64": "2023.11-6",
"efi-shell-x64": "2023.11-6",
"ovmf": "2023.11-6",
"efi-shell-aa64": "2023.11-6"
}
]
}