CVE-2023-3748
Inifinite loop in babld message parsing may cause dos
CVSS Score
3.5
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.
| CWE | CWE-835 |
| Vendor | n/a |
| Product | frr |
| Published | Jul 24, 2023 |
| Last Updated | Sep 27, 2024 |
Stay Ahead of the Next One
Get instant alerts for n/a frr
Be the first to know when new low vulnerabilities affecting n/a frr are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Affected Versions
n/a / frr
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Fedora / Fedora
All versions affected