CVE-2023-46753

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions FRRouting versions through 9.0.1

Description An issue was discovered in FRRouting where a crash can occur for a crafted BGP UPDATE message without mandatory attributes, such as one with only an unknown transit attribute. This issue is related to an uncontrolled resource consumption vulnerability, which can be exploited by a remote attacker to cause a denial of service using a specially crafted file.

Recommendations For versions through 9.0.1, consider disabling the handling of BGP UPDATE messages without mandatory attributes as a temporary workaround until a patch is available. Restrict access to the BGP protocol to minimize the risk of exploitation. Avoid processing unknown transit attributes in BGP UPDATE messages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Incorrect Authorization

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-400

Related Identifiers

ALSA-2024:2156

ALSA-2024:2981

ALT-PU-2024-1188

ALT-PU-2024-2047

AZL-31728

AZL-34689

BDU:2023-08631

CESA-2024_2981

CVE-2023-46753

DLA-3797-1

DLA-3865-1

INFSA-2024_2156

INFSA-2024_2981

OPENSUSE-SU-2023_4473-1

OPENSUSE-SU-2023_4483-1

OPENSUSE-SU-2024:13387-1

OPENSUSE-SU-2024_4090-1

RHSA-2024:2156

RHSA-2024:2981

RHSA-2024_2156

RHSA-2024_2981

SUSE-SU-2023:4473-1

SUSE-SU-2023:4483-1

SUSE-SU-2024:4090-1

USN-6481-1

USN-6482-1

USN-6807-1

Affected Products

Alt Linux

Almalinux

Centos

Debian

Frrouting

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2023-46753

Weakness Enumeration

Related Identifiers

Affected Products

References · 99