CVE-2023-47235

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/FRRouting/frr/pull/14716/commits/6814f2e0138a6ea5e1f83bdd9085d9a77999900b	Patch
https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-11-03 21:15

Updated : 2024-07-03 01:42

NVD link : CVE-2023-47235

Mitre link : CVE-2023-47235

CVE.ORG link : CVE-2023-47235

JSON object : View

Products Affected

frrouting

frrouting

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-47235", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 2.1}]}, "published": "2023-11-03T21:15:17.470", "references": [{"url": "https://github.com/FRRouting/frr/pull/14716/commits/6814f2e0138a6ea5e1f83bdd9085d9a77999900b", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en FRRouting FRR hasta 9.0.1. Puede ocurrir una ca\u00edda cuando se procesa un mensaje malformado de BGP UPDATE con un EOR, porque la presencia de un EOR no conduce a un resultado de treat-as-withdraw."}], "lastModified": "2024-07-03T01:42:11.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96E183F4-1C38-4876-BA65-38E96CD3E5DC", "versionEndIncluding": "9.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}