CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
76.7%
EDK2’s Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Availability.
[
{
"defaultStatus": "unaffected",
"product": "edk2",
"vendor": "TianoCore",
"versions": [
{
"status": "affected",
"version": "edk2-stable202308"
}
]
}
]
packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
www.openwall.com/lists/oss-security/2024/01/16/2
github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
lists.fedoraproject.org/archives/list/[email protected]/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/
security.netapp.com/advisory/ntap-20240307-0011/
More