PT-2023-9209 · Frrouting+4 · Frrouting+4

Zack Miele

Publicado

2023-07-24

Atualizado

2024-11-28

CVE-2023-3748

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions FRRouting (affected versions not specified)

Description A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Infinite Loop

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-835

Identificadores relacionados

BDU:2024-04619

CVE-2023-3748

OPENSUSE-SU-2023_3709-1

OPENSUSE-SU-2024:13191-1

OPENSUSE-SU-2024_4090-1

SUSE-SU-2023:3709-1

SUSE-SU-2023_3709-1

SUSE-SU-2024:4090-1

Produtos afetados

Debian

Frrouting

Red Os

Suse

Ubuntu

PT-2023-9209 · Frrouting+4 · Frrouting+4

CVE-2023-3748

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 99