Vulnerability Details : CVE-2023-3748
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.
Vulnerability category: Denial of service
Products affected by CVE-2023-3748
- cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-3748
0.02%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 4 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-3748
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST | |
|
3.5
|
LOW | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
2.1
|
1.4
|
Red Hat, Inc. |
CWE ids for CVE-2023-3748
-
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-3748
-
https://bugzilla.redhat.com/show_bug.cgi?id=2223668
2223668 – (CVE-2023-3748) CVE-2023-3748 frr: Inifinite loop in babld message parsing may cause DoSIssue Tracking;Third Party Advisory
-
https://access.redhat.com/security/cve/CVE-2023-3748
CVE-2023-3748- Red Hat Customer PortalThird Party Advisory
Jump to