CVE-2023-47234: FRRouting vulnerability

10 documents, 8 sources
Severity: 7.5 HIGH (NVD), 7.8 (OSV)
EPSS: 0.2% (top 51.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 3
Latest update: Oct 29

Description

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (10 packages)

debian: debian/frr < frr 7.5.1-1.1+deb11u3 (bullseye)
Palo Alto: paloalto/pan-os

Patches

🔴 Vulnerability Details (3)

OSV
frr vulnerabilities (2024-06-05)
GHSA
GHSA-v9pv-vrqw-885r: An issue was discovered in FRRouting FRR through 9 (2023-11-03)
OSV
CVE-2023-47234: An issue was discovered in FRRouting FRR through 9 (2023-11-03)

📋 Vendor Advisories (6)

Palo Alto
PAN-SA-2024-0012 Informational Bulletin: OSS CVEs fixed in PAN-OS (2024-10-29)
Ubuntu
FRR vulnerabilities (2024-06-05)
Ubuntu
FRR vulnerabilities (2023-11-21)
Microsoft
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory p (2023-11-14)
Red Hat
frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message (2023-11-03)