First published: Tue Jan 16 2024(Updated: )
EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
Credit: infosec@edk2.groups.io infosec@edk2.groups.io
Affected Software | Affected Version | How to fix |
---|---|---|
Tianocore EDK II | ||
ubuntu/edk2 | <0~20191122. | 0~20191122. |
ubuntu/edk2 | <2022.02-3ubuntu0.22.04.2 | 2022.02-3ubuntu0.22.04.2 |
ubuntu/edk2 | <2023.05-2ubuntu0.1 | 2023.05-2ubuntu0.1 |
Tianocore EDK2 | <=202311 | |
debian/edk2 | <=0~20181115.85588389-3+deb10u3<=2020.11-2+deb11u1<=2020.11-2+deb11u2<=2022.11-6 | 2022.11-6+deb12u1 2024.02-2 |
<=202311 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.