CVE-2023-38802 — Improper Validation of Integrity Check Value in Frrouting

CWE-354 — Improper Validation of Integrity Check Value CWE-754 — Improper Check for Unusual or Exceptional Conditions CWE-20 — Improper Input Validation10 documents9 sources

Severity

7.5HIGHNVD

EPSS

0.9%

top 23.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Frrouting Debian Linux Fedoraproject Fedora +5 more

Timeline

PublishedAug 29

Latest updateJun 5

Description

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶NVDpica8/picos4.3.3.2

▶NVDfrrouting/frrouting7.5.1 — 9.0

▶Palo Altopaloalto/pan-os

▶Palo Altopaloalto/cloud_ngfw

▶Palo Altopaloalto/prisma_access

Also affects: Debian Linux 10.0, 11.0, 12.0, Fedora 37, 38, 39

🔴Vulnerability Details

OSV

frr vulnerabilities↗2024-06-05

▶

GHSA

GHSA-xh4f-v933-c556: FRRouting FRR 7↗2023-08-29

▶

OSV

CVE-2023-38802: FRRouting FRR 7↗2023-08-29

▶

CVEList

CVE-2023-38802: FRRouting FRR 7↗2023-08-29

▶

📋Vendor Advisories

Ubuntu

FRR vulnerabilities↗2024-06-05

▶

Palo Alto

PAN-OS: Denial-of-Service (DoS) Vulnerability in BGP Software↗2023-09-13

▶

Red Hat

frr: Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router↗2023-08-29

▶

Microsoft

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).↗2023-08-08

▶

Debian

CVE-2023-38802: frr - FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker ...↗2023

▶