CVE-2023-45232 HIGH

CVE-2023-45232: Infinite loop in EDK II Network Package

Vendor Tianocore
Product edk2
Weakness CWE-835
Published January 16, 2024
Last update November 4, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

Key dates

02Disclosure timeline

January 16, 2024 CVE published
November 4, 2025 Record updated