CVE-2023-3748

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 24, 2023

Updated: Nov 7, 2023

CWE ID 835

Summary

CVE-2023-3748 is a denial-of-service vulnerability affecting FRRouting, an open-source routing software. The flaw is triggered by processing specific babeld unicast hello messages with certain malicious attributes, including the unicast flag set, an interval field of 0, and specific TLVs with Mandatory flags. Attackers can exploit this vulnerability to cause FRRouting to enter an infinite loop, leading to a denial-of-service condition.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Frrouting

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sCKBmT
https://www.cve.org/CVERecord?id=CVE-2023-3748
https://nvd.nist.gov/vuln/detail/CVE-2023-3748

Back to Vulnerability Database

CVE-2023-3748

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations