CVE-2023-38802

Опубликовано: 29 авг. 2023

Источник: debian

Описание

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
frr	fixed	8.4.4-1.1		package

Примечания

https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
https://github.com/FRRouting/frr/pull/14290
https://github.com/FRRouting/frr/commit/bcb6b58d9530173df41d3a3cbc4c600ee0b4b186
Backport for stable/8.4: https://github.com/FRRouting/frr/pull/14295
https://github.com/FRRouting/frr/commit/46817adab03802355c3cce7b753c7a735bdcc5ae

Связанные уязвимости

CVE-2023-38802

CVSS3: 7.5

ubuntu

почти 2 года назад

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).

CVE-2023-38802

CVSS3: 7.5

redhat

почти 2 года назад

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).

CVE-2023-38802

CVSS3: 7.5

nvd

почти 2 года назад

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).

CVE-2023-38802

CVSS3: 7.5

msrc

почти 2 года назад

Описание отсутствует

GHSA-xh4f-v933-c556

CVSS3: 7.5

github

почти 2 года назад

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).