vulnerability
Oracle Linux: CVE-2018-12178: ELSA-2019-4668: edk2 security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:N/I:P/A:P) | Feb 26, 2019 | Jun 7, 2019 | Dec 3, 2025 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:P)
Published
Feb 26, 2019
Added
Jun 7, 2019
Modified
Dec 3, 2025
Description
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.
A missing check leads to an out-of-bounds read and write flaw in NetworkPkg/DnsDxe as shipped in edk2, when it parses DNS responses. A remote attacker who controls the DNS server used by the vulnerable firmware may use this flaw to make the system crash.
A missing check leads to an out-of-bounds read and write flaw in NetworkPkg/DnsDxe as shipped in edk2, when it parses DNS responses. A remote attacker who controls the DNS server used by the vulnerable firmware may use this flaw to make the system crash.
Solutions
oracle-linux-upgrade-aavmforacle-linux-upgrade-ovmf
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.