Home > Vulnerability Database > CVE-2023-3748

Mend.io Vulnerability Database

CVE-2023-3748

Good to know:

Date: July 24, 2023

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.

Language: C

Severity Score

7.5

Related Resources (6)

Url: https://access.redhat.com/security/cve/CVE-2023-3748

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2223668

Url: https://github.com/FRRouting/frr/commit/0a95d121ca8e1f43d41d952d6c82d111ca850085

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-3748

Url: https://security-tracker.debian.org/tracker/CVE-2023-3748

Url: https://www.mend.io/vulnerability-database/CVE-2023-3748

Severity Score

7.5

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

Top Fix

Upgrade Version

Upgrade to version frr-8.5

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-3748

Good to know:

Date: July 24, 2023

Language: C

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?