jiachao2130/cvrf2cusa
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
fd42fc96e3
cvrf2cusa/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1316.json
Jia Chao fd42fc96e3 release v0.1.2 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-08-01 10:25:22 +08:00

14 lines
2.1 KiB
JSON
Raw Blame History

{
"id": "openEuler-SA-2024-1316",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1316",
"title": "An update for edk2 is now available for openEuler-22.03-LTS",
"severity": "High",
"description": "EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.\r\n\r\nSecurity Fix(es):\r\n\r\n\nEDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.\r\n\r\n(CVE-2022-36764)\r\n\r\n EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\r\n\r\n(CVE-2023-45230)\r\n\r\n EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.\r\n\r\n(CVE-2023-45232)\r\n\r\n EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.\r\n\r\n(CVE-2023-45233)\r\n\r\n EDK2's Network Package is susceptible to a buffer overflow vulnerability when\r\n\r\n\r\n\r\n\r\n\r\nhandling Server ID option \r\n\r\n\r\n\r\n from a DHCPv6 proxy Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\r\n\r\n(CVE-2023-45235)",
"cves": [
{
"id": "CVE-2023-45235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45235",
"severity": "High"
}
]
}
Reference in New Issue View Git Blame Copy Permalink