Home > Vulnerability Database > CVE-2023-3748

Mend.io Vulnerability Database

CVE-2023-3748

Date: July 24, 2023

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.

Language: C

Severity Score

3.5

Related Resources (5)

Url: https://access.redhat.com/security/cve/CVE-2023-3748

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2223668

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-3748

Url: https://security-tracker.debian.org/tracker/CVE-2023-3748

Url: https://www.mend.io/vulnerability-database/CVE-2023-3748

Severity Score

3.5

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-3748

Date: July 24, 2023

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?