cve/2023/CVE-2023-45233.md

CVE-2023-45233

Description

EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

POC

Reference

• http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

Github

• https://github.com/fkie-cad/nvd-json-data-feeds
• https://github.com/quarkslab/pixiefail