CVE-2023-3748
Last modified
CVE-2023-3748 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.. EPSS estimates a 0.66% chance of exploitation in the next 30 days.
Description
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Frrouting | Frrouting | < 8.5 |
References
- https://access.redhat.com/security/cve/CVE-2023-3748Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2223668Issue Tracking, Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2023-3748Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2223668Issue Tracking, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-3748?
How severe is CVE-2023-3748?
How do I fix CVE-2023-3748?
Are you affected by CVE-2023-3748?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST