PT-2023-9210 · Unknown+3 · Frrouting Frr+3

Iggy Frankovic · Published 2023-08-28 · Updated 2024-06-17 · CVE-2023-41361

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
FRRouting FRR version 9.0

Description
An issue was discovered in FRRouting FRR, where the bgpd/bgp_open.c file does not check for an overly large length of the rcv software version. This could allow a remote attacker to cause a denial of service.

Recommendations
For FRRouting FRR version 9.0, as a temporary workaround, consider disabling the bgp open function in bgpd/bgp_open.c until a patch is available. Restrict access to the bgpd module to minimize the risk of exploitation. Avoid using the rcv software version in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2023-7098
ALT-PU-2024-2047
BDU:2024-04620
CVE-2023-41361
DLA-3573-1

Affected Products

Alt Linux
Debian
Frrouting Frr
Red Os