CVE-2023-45235 HIGH

CVE-2023-45235: Buffer Overflow in EDK II Network Package

Vendor Tianocore
Product edk2
Weakness CWE-119
Published January 16, 2024
Last update November 4, 2025

CVSS base score

8.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

What the vulnerability does

01Description

EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

Key dates

02Disclosure timeline

January 16, 2024 CVE published
November 4, 2025 Record updated