Software Version Length Check Flaw in FRRouting by FRR
CVE-2023-41361

9.8 CRITICAL

Key Information:

Vendor: Frrouting

Status
Vendor
CVE Published: 29 August 2023

What is CVE-2023-41361?

A vulnerability has been identified in FRRouting's bgpd component: the software does not adequately validate the length of the received software version. This oversight may allow unexpected behavior or exploitation, impacting system integrity and availability. Proper validation of input parameters is crucial for maintaining robust security and preventing potential attacks.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved