BGP UPDATE Processing Flaw in FRRouting Affects Multiple Versions
CVE-2023-47234

7.5 HIGH

Key Information:

Vendor

FRRouting

Status
Vendor
CVE Published:
3 November 2023

What is CVE-2023-47234?

A critical vulnerability has been identified in FRRouting FRR versions up to 9.0.1. It can lead to system crashes when a malformed BGP UPDATE message containing an MP_UNREACH_NLRI attribute is processed. Such a message may include additional NLRI data that omits mandatory path attributes, resulting in potential service disruptions. Network administrators are urged to review configurations and apply necessary updates to mitigate risks associated with this issue.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
