What is the severity of CVE-2023-45230?

CVE-2023-45230 has a high severity as it can lead to unauthorized access and potential loss of confidentiality, integrity, and availability.

How do I fix CVE-2023-45230?

To fix CVE-2023-45230, update EDK II to a version greater than 202311, or apply the appropriate patches if using compatible distributions such as Ubuntu or Debian.

What software is affected by CVE-2023-45230?

CVE-2023-45230 affects Tianocore EDK II and various versions across Ubuntu and Debian packages.

How can CVE-2023-45230 be exploited?

An attacker can exploit CVE-2023-45230 by sending a long server ID option in DHCPv6, leading to a buffer overflow.

Is there a workaround for CVE-2023-45230 if I cannot update immediately?

A potential workaround for CVE-2023-45230 is to disable DHCPv6 on affected systems until an update can be applied.

Vulnerability/
CVE-2023-45230

high

8.8

CWE

119 787

16/1/2024

22/10/2024

CVE-2023-45230: Buffer Overflow in EDK II Network Package

First published: Tue Jan 16 2024(Updated: )

EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

Credit: infosec@edk2.groups.io infosec@edk2.groups.io

Affected Software	Affected Version	How to fix
Tianocore EDK II
ubuntu/edk2	<0~20191122.	0~20191122.
ubuntu/edk2	<2022.02-3ubuntu0.22.04.2	2022.02-3ubuntu0.22.04.2
ubuntu/edk2	<2023.05-2ubuntu0.1	2023.05-2ubuntu0.1
Tianocore EDK2	<=202311
debian/edk2	<=0~20181115.85588389-3+deb10u3<=2020.11-2+deb11u1<=2020.11-2+deb11u2<=2022.11-6	2022.11-6+deb12u1 2024.02-2
	<=202311

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-6638-1

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2023-45235

Frequently Asked Questions

What is the severity of CVE-2023-45230?
CVE-2023-45230 has a high severity as it can lead to unauthorized access and potential loss of confidentiality, integrity, and availability.
How do I fix CVE-2023-45230?
To fix CVE-2023-45230, update EDK II to a version greater than 202311, or apply the appropriate patches if using compatible distributions such as Ubuntu or Debian.
What software is affected by CVE-2023-45230?
CVE-2023-45230 affects Tianocore EDK II and various versions across Ubuntu and Debian packages.
How can CVE-2023-45230 be exploited?
An attacker can exploit CVE-2023-45230 by sending a long server ID option in DHCPv6, leading to a buffer overflow.
Is there a workaround for CVE-2023-45230 if I cannot update immediately?
A potential workaround for CVE-2023-45230 is to disable DHCPv6 on affected systems until an update can be applied.

agent/title
agent/type
collector/bleeping-computer
source/BleepingComputer
alias/CVE-2023-45230
alias/CVE-2023-45235
agent/news-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/first-publish-date
agent/author
agent/severity
agent/description
collector/nvd-cve
source/NVD
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/launchpad-cve
source/Launchpad
agent/event
collector/usn-cve
source/Ubuntu
agent/references
collector/redhat-bugzilla
source/Red Hat
collector/mitre-cve
source/MITRE
collector/nvd-api
agent/weakness
agent/last-modified-date
agent/tags
agent/trending
agent/source
vendor/tianocore
canonical/tianocore edk ii
canonical/tianocore edk2
version/tianocore edk2/202311
package-manager/debian
package-manager/ubuntu