Buffer Overflow in EDK II Network Package

EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

内存缓冲区边界内操作的限制不恰当

EDK2 缓冲区错误漏洞

EDK2是Tianocore社区的一套基于UEFI和PI规范的跨平台固件开发环境。 EDK2 存在安全漏洞，该漏洞源于 Network Package 容易因 DHCPv6 客户端中的长服务器 ID 选项而受到缓冲区溢出漏洞的影响。

N/A

N/A