PT-2023-7575 · Frrouting+10 · Frrouting+10

Iggy Frankovic

·

Publicado

2023-10-25

·

Atualizado

2024-11-28

·

CVE-2023-46753

CVSS v3.1

5.9

Média

VetorAV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions FRRouting versions through 9.0.1
Description An issue was discovered in FRRouting where a crash can occur for a crafted BGP UPDATE message without mandatory attributes, such as one with only an unknown transit attribute. This issue is related to an uncontrolled resource consumption vulnerability, which can be exploited by a remote attacker to cause a denial of service using a specially crafted file.
Recommendations For versions through 9.0.1, consider disabling the handling of BGP UPDATE messages without mandatory attributes as a temporary workaround until a patch is available. Restrict access to the BGP protocol to minimize the risk of exploitation. Avoid processing unknown transit attributes in BGP UPDATE messages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Incorrect Authorization

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863CWE-400

Identificadores relacionados

ALSA-2024:2156
ALSA-2024:2981
ALT-PU-2024-1188
ALT-PU-2024-2047
AZL-31728
AZL-34689
BDU:2023-08631
CESA-2024_2981
CVE-2023-46753
DLA-3797-1
DLA-3865-1
INFSA-2024_2156
INFSA-2024_2981
OPENSUSE-SU-2023_4473-1
OPENSUSE-SU-2023_4483-1
OPENSUSE-SU-2024:13387-1
OPENSUSE-SU-2024_4090-1
RHSA-2024:2156
RHSA-2024:2981
RHSA-2024_2156
RHSA-2024_2981
SUSE-SU-2023:4473-1
SUSE-SU-2023:4483-1
SUSE-SU-2024:4090-1
USN-6481-1
USN-6482-1
USN-6807-1

Produtos afetados

Alt Linux
Almalinux
Centos
Debian
Frrouting
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu