CVE-2023-45229 - OpenCVE

EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux Rhel Eus
Tianocore	Edk2

Configuration 1 [-]

cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
edk2-0:20220126gitbb1bba3d77-13.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:3017	2024-05-22T00:00:00Z
Red Hat Enterprise Linux 9
edk2-0:20231122-6.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:2264	2024-04-30T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
edk2-0:20221207gitfff6d81270b5-9.el9_2.3	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:4419	2024-07-09T00:00:00Z

References

Link	Providers
http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
http://www.openwall.com/lists/oss-security/2024/01/16/2
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
https://nvd.nist.gov/vuln/detail/CVE-2023-45229
https://security.netapp.com/advisory/ntap-20240307-0011/
https://www.cve.org/CVERecord?id=CVE-2023-45229

History

No history.

MITRE

Status: PUBLISHED

Assigner: TianoCore

Published: 2024-01-16T16:07:31.826Z

Updated: 2024-08-02T20:14:19.771Z

Reserved: 2023-10-05T20:48:19.877Z

Link: CVE-2023-45229

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-16T16:15:11.533

Modified: 2024-03-07T17:15:10.000

Link: CVE-2023-45229

Redhat

Severity : Moderate

Publid Date: 2024-01-16T00:00:00Z

Links: CVE-2023-45229 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-45229", "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "state": "PUBLISHED", "assignerShortName": "TianoCore", "dateReserved": "2023-10-05T20:48:19.877Z", "datePublished": "2024-01-16T16:07:31.826Z", "dateUpdated": "2024-08-02T20:14:19.771Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "edk2", "vendor": "TianoCore", "versions": [{"status": "affected", "version": "edk2-stable202308"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Quarkslab Vulnerability Reports Team"}, {"lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Doug Flick"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nEDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality."}], "value": "EDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality."}], "impacts": [{"capecId": "CAPEC-540", "descriptions": [{"lang": "en", "value": "CAPEC-540 Overread Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore", "dateUpdated": "2024-01-16T16:07:31.826Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"}, {"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"}, {"url": "https://security.netapp.com/advisory/ntap-20240307-0011/"}], "source": {"discovery": "UNKNOWN"}, "title": "Out-of-Bounds Read in EDK II Network Package", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:14:19.771Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240307-0011/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CEB3105-57CC-4096-81D3-D58005813C4B", "versionEndIncluding": "202311", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "EDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality."}, {"lang": "es", "value": "EDK2's Network Package es susceptible a una vulnerabilidad de lectura fuera de los l\u00edmites cuando procesa la opci\u00f3n IA_NA o IA_TA en un mensaje de publicidad DHCPv6. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de confidencialidad."}], "id": "CVE-2023-45229", "lastModified": "2024-03-07T17:15:10.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "infosec@edk2.groups.io", "type": "Secondary"}]}, "published": "2024-01-16T16:15:11.533", "references": [{"source": "infosec@edk2.groups.io", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"}, {"source": "infosec@edk2.groups.io", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"}, {"source": "infosec@edk2.groups.io", "tags": ["Vendor Advisory"], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"}, {"source": "infosec@edk2.groups.io", "url": "https://security.netapp.com/advisory/ntap-20240307-0011/"}], "sourceIdentifier": "infosec@edk2.groups.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "infosec@edk2.groups.io", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3017", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "edk2-0:20220126gitbb1bba3d77-13.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:2264", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "edk2-0:20231122-6.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:4419", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "edk2-0:20221207gitfff6d81270b5-9.el9_2.3", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-09T00:00:00Z"}], "bugzilla": {"description": "edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message", "id": "2258677", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258677"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "(CWE-119|CWE-125|CWE-338|CWE-835)", "details": ["EDK2's Network Package is susceptible to an out-of-bounds read\nvulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\nvulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.", "A vulnerability has been identified in the NetworkPkg IP stack of EDK2, the open-source reference implementation of the UEFI specification. This flaw enables an unauthenticated attacker within the same network vicinity to transmit a specifically crafted DHCPv6 message. Exploiting this vulnerability may result in unauthorized access to memory beyond its boundaries, potentially leading to the exposure of sensitive information."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-45229", "public_date": "2024-01-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-45229\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-45229\nhttps://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html\nhttps://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"], "statement": "The identified flaw in the NetworkPkg IP stack within the EDK2, an open-source UEFI implementation, poses a moderate security concern. This vulnerability allows an unauthenticated attacker within the same network to exploit via a crafted DHCPv6 message, potentially leading to the unauthorized access of memory beyond its designated boundaries. While the issue has the potential to leak sensitive information, its impact is considered moderate, requiring an attacker to be within the adjacent network for successful exploitation.", "threat_severity": "Moderate"}