CVE-2023-46753: Incorrect Authorization in Frrouting

Severity
NVD: 5.9 MEDIUM
OSV: 7.8
EPSS: 0.1% (top 68.20%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 26
Latest update: Jun 5

Description

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (9 packages)

debian: debian/frr < frr 7.5.1-1.1+deb11u3 (bullseye)

Patches

🔴Vulnerability Details

4
2024-06-05 OSV: frr vulnerabilities
2023-11-15 OSV: frr vulnerabilities
2023-10-26 OSV: CVE-2023-46753: An issue was discovered in FRRouting FRR through 9
2023-10-26 GHSA: GHSA-33fq-cj88-4v27: An issue was discovered in FRRouting FRR through 9

📋Vendor Advisories

6
2024-06-05 Ubuntu: FRR vulnerabilities
2023-11-15 Ubuntu: Quagga vulnerabilities
2023-11-15 Ubuntu: FRR vulnerabilities
2023-10-26 Red Hat: frr: crafted BGP UPDATE message leading to a crash
2023-10-10 Microsoft: An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes e.g. one with only an unknown transit attribute.

🕵️Threat Intelligence

1
2023-11-14 Bleepingcomputer: Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws