Lucene search

[email protected]NVD:CVE-2023-41358

HistoryAug 29, 2023 - 4:15 a.m.

CVE-2023-41358

2023-08-2904:15:16

CWE-476

[email protected]

web.nvd.nist.gov

frrouting

bgpd

bgp_packet.c

vulnerability

nlris

attribute length

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.8%

JSON

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.

Affected configurations

NVD

Node

frroutingfrroutingRange≤9.0

Node

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

debiandebian_linuxMatch12.0

Node

fedoraprojectfedoraMatch37

fedoraprojectfedoraMatch38

fedoraprojectfedoraMatch39

References

github.com/FRRouting/frr/pull/14260

lists.debian.org/debian-lts-announce/2023/09/msg00020.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4/

www.debian.org/security/2023/dsa-5495

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.8%

JSON

Related for NVD:CVE-2023-41358

redhatcve1 nessus18 veracode1 ubuntucve1 prion1 cve1 debiancve1 cvelist1 osv7 cbl_mariner1 openvas13 cloudlinux1 ubuntu2 almalinux2 oraclelinux2 redhat2 redos1 fedora3 debian2