CVE-2023-41358

Published: 29 Aug 2023
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.

A flaw was found in FRRouting, where it is susceptible to a denial of service vulnerability triggered by a NULL pointer dereference issue during the processing of Network Layer Reachability Information (NLRIs) with a zero attribute length. The vulnerability arises from inadequate validation of user-supplied input in bgpd/bgp_packet.c when handling NLRIs. This flaw allows attackers to send specially crafted input, causing a crash that leads to a denial of service attack.

Additional information

Status: Moderate
Defect: CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2235839 (frr: processes invalid NLRIs if attribute length is zero)

EPSS

Percentile: 52%
0.00294
Low

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 2 years ago

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.

CVSS3: 7.5
nvd
almost 2 years ago

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.

CVSS3: 7.5
msrc
almost 2 years ago

No description available

CVSS3: 7.5
debian
almost 2 years ago

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...

CVSS3: 7.5
github
almost 2 years ago

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.
