Re: [edk2-devel] [PATCH 09/14] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Patch

Gerd Hoffmann Wed, 24 Jan 2024 04:10:04 -0800

On Tue, Jan 23, 2024 at 07:33:32PM -0800, Doug Flick via groups.io wrote:
> From: Doug Flick <dougfl...@microsoft.com>
> 
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4539
> 
> SECURITY PATCH - Patch
> 
> TCBZ4539
> CVE-2023-45234
> CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
> CWE-119 Improper Restriction of Operations within the Bounds of
>  a Memory Buffer
> 
> Cc: Saloni Kasbekar <saloni.kasbe...@intel.com>
> Cc: Zachary Clark-williams <zachary.clark-willi...@intel.com>
> 
> Signed-off-by: Doug Flick [MSFT] <doug.e...@gmail.com>


Code change looks good to me, commit message should be improved (see
patch #1 comments).

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114280): https://edk2.groups.io/g/devel/message/114280
Mute This Topic: https://groups.io/mt/103926740/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH 09/14] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Patch

Reply via email to