CVE-2023-45232

moderate-risk

Published 2024-01-16

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

Do I need to act?

0.48% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (1)

Edk2

Affected Vendors

Tianocore

References (12)

Third Party Advisory http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

Mailing List http://www.openwall.com/lists/oss-security/2024/01/16/2

Vendor Advisory https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...

https://security.netapp.com/advisory/ntap-20240307-0011/

Third Party Advisory http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

Mailing List http://www.openwall.com/lists/oss-security/2024/01/16/2

Vendor Advisory https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...

https://security.netapp.com/advisory/ntap-20240307-0011/

https://www.kb.cert.org/vuls/id/132380

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 2/34 · Minimal

Exposure 5/34 · Minimal