CVE-2023-31489: Out-of-bounds Read in Frrouting

CWE-125: Out-of-bounds Read (8 documents, 7 sources)
Severity: 5.5 MEDIUM (NVD)
EPSS: 0.3% (top 44.47%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 9, latest update Feb 15

Description

An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

debian: debian/frr < frr 8.4.4-1 (bookworm)

Also affects: Fedora 37, 38, 39

Patches

🔴 Vulnerability Details (3)

OSV: frr vulnerabilities (2023-06-05)
GHSA: GHSA-rvch-6xgp-6mjp: An issue found in Frrouting bgpd v (2023-05-09)
OSV: CVE-2023-31489: An issue found in Frrouting bgpd v (2023-05-09)

📋 Vendor Advisories (4)

CISA ICS: Siemens SCALANCE XCM-/XRM-300 (2024-02-15)
Ubuntu: FRR vulnerabilities (2023-06-05)
Red Hat: frr: incorrect length check in bgp_capability_llgr() can lead do DoS (2023-03-24)
Debian: CVE-2023-31489: frr - An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a den... (2023)