CVE-2023-3748

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions FRRouting (affected versions not specified)

Description A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

BDU:2024-04619

CVE-2023-3748

OPENSUSE-SU-2023_3709-1

OPENSUSE-SU-2024:13191-1

OPENSUSE-SU-2024_4090-1

SUSE-SU-2023:3709-1

SUSE-SU-2023_3709-1

SUSE-SU-2024:4090-1

Affected Products

Debian

Frrouting

Red Os

Suse

Ubuntu

CVE-2023-3748

Weakness Enumeration

Related Identifiers

Affected Products

References · 99