CVE-2023-46752

frr: mishandled malformed data leading to a crash

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.

Se descubrió un problema en FRRouting FRR hasta la versión 9.0.1. Maneja mal los datos MP_REACH_NLRI con formato incorrecto, lo que provoca un bloqueo.

A data mishandling vulnerability was found in FRRouting. A malformed MP_REACH_NLRI data can lead to a crash, resulting in a denial of service.

*Credits: N/A

CVSS Scores

NISTv3.1 5.9

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-10-26 CVE Reserved
2023-10-26 CVE Published
2024-09-09 CVE Updated
2024-11-01 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-400: Uncontrolled Resource Consumption

CAPEC

References (4)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html	Mailing List

URL	Date	SRC

URL	Date	SRC
https://github.com/FRRouting/frr/pull/14645/commits/b08afc81c60607a4f736f418f2e3eb06087f1a35	2024-04-28

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-46752	2024-05-22
https://bugzilla.redhat.com/show_bug.cgi?id=2246379	2024-05-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Frrouting Search vendor "Frrouting"		Frrouting Search vendor "Frrouting" for product "Frrouting"				<= 9.0.1 Search vendor "Frrouting" for product "Frrouting" and version " <= 9.0.1"		-		Affected