CVE-2023-45232

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-835
View all →

Vulnerability Description

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

Related Vulnerabilities

CVE-2011-1142

HIGH
CVSS:7.5(High)

Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of serv...

CWE-8352011

CVE-2013-10005

HIGH
CVSS:7.5(High)

The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow.

CWE-8352013

CVE-2013-3722

HIGH
CVSS:7.5(High)

A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in lookup.c.

CWE-8352013

CVE-2013-7488

HIGH
CVSS:7.5(High)

perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.

CWE-8352013

CVE-2016-4970

HIGH
CVSS:7.5(High)

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

CWE-8352016

CVE-2016-5042

HIGH
CVSS:7.5(High)

The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section.

CWE-8352016