CVE-2023-34061 – Gorouter route pruning
CVE-2023-34061

7.5HIGH

Key Information:

Vendor: Cloud Foundry
Status: Routing Release; Cf Deployment
Vendor: CVE Published:; 12 January 2024

🔔 Create Cloud Foundry Vulnerability Alert

What is CVE-2023-34061?

Cloud Foundry routing release versions ranging from v0.163.0 to v0.283.0 are susceptible to denial of service attacks. An unauthenticated attacker can exploit this vulnerability to initiate route pruning, which can significantly disrupt and degrade the service availability of Cloud Foundry deployments. This vulnerability poses a risk to organizations utilizing Cloud Foundry, potentially impacting their operational capabilities and user experiences.

Affected Version(s)

CF deployment 0.28.0 < 33.6.0

Routing Release 0.163.0 < 0.284.0

References

https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 12, 2024
Vulnerability Reserved
May 25, 2023

CVE-2023-34061 Data

JSON