PT-2023-8900 · Frrouting+9

Melissa-Cjtop · Published 2023-03-24 · Updated 2024-11-28 · CVE-2023-31490

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Frrouting bgpd version 8.4.2

Description

The issue is in the bgp_attr_psid_sub() function in FRRouting, which a remote attacker can exploit to cause a denial of service. This is due to the lack of neutralization of special elements.

Recommendations

For version 8.4.2, consider disabling the bgp_attr_psid_sub() function as a temporary workaround until a patch is available. Restrict access to the bgpd service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

ALSA-2024:2156
ALSA-2024:2981
ALT-PU-2023-1740
AZL-26729
BDU:2024-02578
CESA-2024_2981
CVE-2023-31490
DLA-3573-1
DSA-5495-1
INFSA-2024_2156
INFSA-2024_2981
OPENSUSE-SU-2024:12967-1
OPENSUSE-SU-2024_4090-1
RHSA-2024:2156
RHSA-2024:2981
RHSA-2024_2156
RHSA-2024_2981
SUSE-SU-2023:2518-1
SUSE-SU-2024:4090-1
USN-6136-1
USN-6323-1
USN-6807-1

Affected Products

Alt Linux
Almalinux
Centos
Frrouting
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu