Skip to content

Commit

Permalink
ovmf: Fix CVE-2023-45230
Browse files Browse the repository at this point in the history 
EDK2's Network Package is susceptible to a buffer overflow vulnerability
via a long server ID option in DHCPv6 client. This vulnerability can be
exploited by an attacker to gain unauthorized access and potentially lead
to a loss of Confidentiality, Integrity and/or Availability.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45230

Upstream-patches:
tianocore/edk2@f31453e
tianocore/edk2@5f36581

Signed-off-by: Soumya Sambu <[email protected]>
  • Loading branch information
@SoumyaWind @hongxu-jia
SoumyaWind authored and hongxu-jia committed Dec 4, 2024
1 parent aba1482 commit 50b5017
Show file tree
Hide file tree
Showing 3 changed files with 2,223 additions and 0 deletions.
Loading

0 comments on commit 50b5017

Please sign in to comment.