Vulnerability Details : CVE-2023-38407
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
Products affected by CVE-2023-38407
- cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-38407
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 19 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-38407
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-07-03 |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
References for CVE-2023-38407
-
https://github.com/FRRouting/frr/pull/12956
bgpd: Fix use beyond end of stream of labeled unicast parsing (backport #12951) by mergify[bot] · Pull Request #12956 · FRRouting/frr · GitHubPatch
-
https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5
Comparing frr-8.5-rc...frr-8.5 · FRRouting/frr · GitHubPatch
-
https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html
[SECURITY] [DLA 3797-1] frr security update
-
https://github.com/FRRouting/frr/pull/12951
bgpd: Fix use beyond end of stream of labeled unicast parsing by donaldsharp · Pull Request #12951 · FRRouting/frr · GitHubPatch
Jump to