CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile
42.5%
In OpenBGPD before 8.1, incorrect handling of BGP update data (length of
path attributes) set by a potentially distant remote actor may cause the
system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata
006.
blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/006_bgpd.patch.sig
github.com/openbgpd-portable/openbgpd-portable/releases/tag/8.1
launchpad.net/bugs/cve/CVE-2023-38283
news.ycombinator.com/item?id=37305800
nvd.nist.gov/vuln/detail/CVE-2023-38283
security-tracker.debian.org/tracker/CVE-2023-38283
www.cve.org/CVERecord?id=CVE-2023-38283
www.openbsd.org/errata73.html