32. DNS Packet Size Check

Description:

Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.

Impact:

Escalation of Privilege and/or Denial of Service

Severity:

7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Recommendation:

EDK II Commit:

• https://github.com/tianocore/edk2/commit/84110bbe4bb3a346514b9bb12eadb7586bca7dfd

Patch:

• https://bugzilla.tianocore.org/attachment.cgi?id=124

Acknowledgments:

Intel Team

References:

CVE-2018-12178

EDK II Bugzilla #809