First published: Tue Jan 16 2024(Updated: )
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
Credit: infosec@edk2.groups.io infosec@edk2.groups.io
Affected Software | Affected Version | How to fix |
---|---|---|
Tianocore EDK2 | <=202311 | |
ubuntu/edk2 | <2022.02-3ubuntu0.22.04.2 | 2022.02-3ubuntu0.22.04.2 |
ubuntu/edk2 | <0~20191122. | 0~20191122. |
ubuntu/edk2 | <2023.05-2ubuntu0.1 | 2023.05-2ubuntu0.1 |
debian/edk2 | <=0~20181115.85588389-3+deb10u3<=2020.11-2+deb11u1<=2020.11-2+deb11u2<=2022.11-6 | 2022.11-6+deb12u1 2024.02-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.