VulnerableCode Package Details - pkg:deb/debian/edk2@2022.11-6

Vulnerabilities affecting this package (10)

Vulnerability	Summary	Fixed by
VCID-5tjt-sq7f-aaaa Aliases: CVE-2023-45232	EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.	2022.11-6+deb12u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2022.11-6+deb12u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-fd27-e1my-aaas Aliases: CVE-2023-45229	EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.	2022.11-6+deb12u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2022.11-6+deb12u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-j4d6-r39b-aaac Aliases: CVE-2023-45230	EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.	2022.11-6+deb12u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2022.11-6+deb12u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-keqz-ek12-aaad Aliases: CVE-2022-36765	EDK2: integer overflow in CreateHob() could lead to HOB OOB R/W	2022.11-6+deb12u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2022.11-6+deb12u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kxcj-kecq-aaah Aliases: CVE-2023-45234	EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.	2022.11-6+deb12u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2022.11-6+deb12u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-pcxk-paj7-aaap Aliases: CVE-2022-36763	EDK2: heap buffer overflow in Tcg2MeasureGptTable()	2022.11-6+deb12u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2022.11-6+deb12u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-phkd-4f7d-aaaj Aliases: CVE-2023-45235	EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.	2022.11-6+deb12u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2022.11-6+deb12u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-up29-q45t-aaac Aliases: CVE-2023-45233	EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.	2022.11-6+deb12u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2022.11-6+deb12u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-x3u3-t2dd-aaah Aliases: CVE-2022-36764	EDK2: heap buffer overflow in Tcg2MeasurePeImage()	2022.11-6+deb12u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2022.11-6+deb12u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zh68-hgen-aaaa Aliases: CVE-2023-45231	EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.	2022.11-6+deb12u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2022.11-6+deb12u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

purl	pkg:deb/debian/edk2@2022.11-6
Tags	Ghost

Next non-vulnerable version	2025.02-8
Latest non-vulnerable version	2025.02-8
Risk	4.0

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-04-26T05:26:49.239320+00:00	Debian Importer	Affected by	VCID-phkd-4f7d-aaaj	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-26T05:26:40.294464+00:00	Debian Importer	Affected by	VCID-kxcj-kecq-aaah	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-26T05:26:36.987680+00:00	Debian Importer	Affected by	VCID-up29-q45t-aaac	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-26T05:26:33.318583+00:00	Debian Importer	Affected by	VCID-5tjt-sq7f-aaaa	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-26T05:26:25.366514+00:00	Debian Importer	Affected by	VCID-zh68-hgen-aaaa	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-26T05:26:22.914966+00:00	Debian Importer	Affected by	VCID-j4d6-r39b-aaac	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-26T05:26:18.188652+00:00	Debian Importer	Affected by	VCID-fd27-e1my-aaas	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-25T19:07:08.883749+00:00	Debian Importer	Affected by	VCID-keqz-ek12-aaad	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-25T19:07:05.686466+00:00	Debian Importer	Affected by	VCID-x3u3-t2dd-aaah	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-04-25T19:07:00.822666+00:00	Debian Importer	Affected by	VCID-pcxk-paj7-aaap	https://security-tracker.debian.org/tracker/data/json	34.0.0rc4
2024-01-11T05:28:29.600092+00:00	Debian Importer	Fixing	VCID-5352-njw5-aaaa	https://security-tracker.debian.org/tracker/data/json	34.0.0rc2
2024-01-11T05:28:27.805754+00:00	Debian Importer	Fixing	VCID-5352-njw5-aaaa	None	34.0.0rc2
2024-01-11T05:28:21.049404+00:00	Debian Importer	Fixing	VCID-z8n1-6p1f-aaan	https://security-tracker.debian.org/tracker/data/json	34.0.0rc2
2024-01-11T05:28:11.968585+00:00	Debian Importer	Fixing	VCID-z8n1-6p1f-aaan	None	34.0.0rc2
2024-01-10T22:54:53.576583+00:00	Debian Importer	Fixing	VCID-2jsu-4abf-aaae	https://security-tracker.debian.org/tracker/data/json	34.0.0rc2
2024-01-10T22:54:48.132919+00:00	Debian Importer	Fixing	VCID-2jsu-4abf-aaae	None	34.0.0rc2
2024-01-04T16:48:17.011946+00:00	Debian Importer	Fixing	VCID-5352-njw5-aaaa	https://security-tracker.debian.org/tracker/data/json	34.0.0rc1
2024-01-04T16:48:11.521602+00:00	Debian Importer	Fixing	VCID-5352-njw5-aaaa	None	34.0.0rc1
2024-01-04T16:48:05.743118+00:00	Debian Importer	Fixing	VCID-z8n1-6p1f-aaan	https://security-tracker.debian.org/tracker/data/json	34.0.0rc1
2024-01-04T16:47:56.803237+00:00	Debian Importer	Fixing	VCID-z8n1-6p1f-aaan	None	34.0.0rc1
2024-01-04T12:04:28.231282+00:00	Debian Importer	Fixing	VCID-2jsu-4abf-aaae	https://security-tracker.debian.org/tracker/data/json	34.0.0rc1
2024-01-04T12:04:15.695763+00:00	Debian Importer	Fixing	VCID-2jsu-4abf-aaae	None	34.0.0rc1