Infinite Loop Vulnerability in EDK2's Network Package: Exploiting IPv6 Destination Options Header Parsing

Infinite Loop Vulnerability in EDK2's Network Package: Exploiting IPv6 Destination Options Header Parsing

CVE-2023-45232 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

Learn more about our Network Penetration Testing.