What is the severity of CVE-2023-45234?

CVE-2023-45234 is identified as a high-severity vulnerability due to its potential for unauthorized access and information disclosure.

How do I fix CVE-2023-45234?

To mitigate CVE-2023-45234, update the affected EDK2 package to a version that addresses this vulnerability, such as 0~20191122 for Ubuntu Focal or 2022.11-6 for Debian.

Which software is affected by CVE-2023-45234?

CVE-2023-45234 affects the EDK2 package in various versions across several distributions, including Ubuntu and Debian.

What is the nature of CVE-2023-45234?

CVE-2023-45234 is a buffer overflow vulnerability that occurs when processing DNS Servers options from a DHCPv6 Advertise message.

Can CVE-2023-45234 lead to remote code execution?

Yes, CVE-2023-45234 can potentially allow an attacker to execute arbitrary code, leading to significant security risks.

Vulnerability/
CVE-2023-45234

high

8.8

CWE

119

16/1/2024

13/2/2025

CVE-2023-45234: Buffer Overflow in EDK II Network Package

First published: Tue Jan 16 2024(Updated: )

EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

Credit: infosec@edk2.groups.io infosec@edk2.groups.io

Affected Software	Affected Version	How to fix
debian/edk2	<=0~20181115.85588389-3+deb10u3<=2020.11-2+deb11u1<=2020.11-2+deb11u2<=2022.11-6	2022.11-6+deb12u1 2024.02-2
ubuntu/edk2	<0~20191122.	0~20191122.
ubuntu/edk2	<2022.02-3ubuntu0.22.04.2	2022.02-3ubuntu0.22.04.2
ubuntu/edk2	<2023.05-2ubuntu0.1	2023.05-2ubuntu0.1
Tianocore EDK II	<=202311

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-6638-1

Frequently Asked Questions

What is the severity of CVE-2023-45234?
CVE-2023-45234 is identified as a high-severity vulnerability due to its potential for unauthorized access and information disclosure.
How do I fix CVE-2023-45234?
To mitigate CVE-2023-45234, update the affected EDK2 package to a version that addresses this vulnerability, such as 0~20191122 for Ubuntu Focal or 2022.11-6 for Debian.
Which software is affected by CVE-2023-45234?
CVE-2023-45234 affects the EDK2 package in various versions across several distributions, including Ubuntu and Debian.
What is the nature of CVE-2023-45234?
CVE-2023-45234 is a buffer overflow vulnerability that occurs when processing DNS Servers options from a DHCPv6 Advertise message.
Can CVE-2023-45234 lead to remote code execution?
Yes, CVE-2023-45234 can potentially allow an attacker to execute arbitrary code, leading to significant security risks.

agent/title
agent/type
agent/first-publish-date
agent/author
agent/severity
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/weakness
collector/launchpad-cve
source/Launchpad
collector/usn-cve
source/Ubuntu
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-45234
agent/references
collector/mitre-cve
source/MITRE
agent/trending
agent/source
agent/tags
agent/last-modified-date
agent/description
agent/event
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-api
agent/softwarecombine
package-manager/debian
package-manager/ubuntu
vendor/tianocore
canonical/tianocore edk ii
version/tianocore edk ii/202311