CVE-2023-3748

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2023-3748	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2223668	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*

History

02 Aug 2023, 14:46

Type	Values Removed	Values Added
First Time		Frrouting frrouting Frrouting
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CWE		CWE-835
CPE		cpe:2.3:a:frrouting:frrouting::::::::
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2223668 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2223668 - Issue Tracking, Third Party Advisory
References	~~(MISC) https://access.redhat.com/security/cve/CVE-2023-3748 -~~	(MISC) https://access.redhat.com/security/cve/CVE-2023-3748 - Third Party Advisory

24 Jul 2023, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-07-24 16:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-3748

Mitre link : CVE-2023-3748

CVE.ORG link : CVE-2023-3748

JSON object : View

Products Affected

frrouting

frrouting

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

{"id": "CVE-2023-3748", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.1}]}, "published": "2023-07-24T16:15:13.203", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-3748", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223668", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-835"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service."}], "lastModified": "2023-11-07T04:19:28.013", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB0E7F12-AAE7-48DA-B684-585BA3188B28", "versionEndExcluding": "8.5"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}