Denial of Service Vulnerability in FRRouting by FRR
CVE-2023-46752

5.9MEDIUM

Key Information:

Vendor: Frrouting
Status: Frrouting
Vendor: CVE Published:; 26 October 2023

What is CVE-2023-46752?

A Denial of Service vulnerability has been identified in FRRouting FRR through version 9.0.1. The issue arises from the improper handling of malformed MP_REACH_NLRI data, which can result in a crash of the service. This flaw poses a risk to network stability, potentially disrupting operations for users of affected versions. It is essential for system administrators using FRRouting FRR to apply updates and patches as soon as they become available to mitigate this issue.

References

https://github.com/FRRouting/frr/pull/14645/commits/b08af...

https://lists.debian.org/debian-lts-announce/2024/04/msg0...

mailing-list

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2023
Vulnerability Reserved
Oct 26, 2023

Frrouting

What is CVE-2023-46752?

References

CVSS V3.1

Timeline