CVE-2023-38406

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 6, 2023
Updated: Apr 28, 2024
CWE ID 755

Summary

CVE-2023-38406 is a vulnerability affecting the bgpd component of the FRRouting (FRR) software, specifically the bgp_flowspec.c file, before version 8.4.3. The issue is the mishandling of an NLRI (Network Layer Reachability Information) length of zero, which results in a "flowspec overflow." This vulnerability could potentially be exploited by an attacker to crash the BGP (Border Gateway Protocol) process or even to gain unauthorized access to the system. It is recommended that users upgrade their FRR software to a patched version to mitigate this risk.
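The kind of length validation a FlowSpec NLRI parser needs, shown as an added example; it is not FRR's code and not the actual patch. The length-prefix encoding is taken from RFC 8955 section 4.1, and the function name, result codes and sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example. */
enum fs_result { FS_OK = 0, FS_ERR_TRUNCATED = -1, FS_ERR_ZERO_LENGTH = -2 };

/*
 * Walk a buffer of FlowSpec NLRIs and count them, validating each length
 * prefix: one octet if the length is < 240, otherwise two octets whose top
 * nibble is 0xf and whose low 12 bits hold the length.
 */
static int fs_count_nlri(const uint8_t *buf, size_t len, size_t *count)
{
    size_t off = 0;

    *count = 0;
    while (off < len) {
        size_t psize = buf[off++];

        if (psize >= 0xf0) {            /* extended two-octet length */
            if (off >= len)
                return FS_ERR_TRUNCATED;
            psize = ((psize & 0x0f) << 8) | buf[off++];
        }
        if (psize == 0)                 /* no components: reject, never decode */
            return FS_ERR_ZERO_LENGTH;
        if (psize > len - off)          /* declared length overruns the buffer */
            return FS_ERR_TRUNCATED;

        /* component decoding of buf[off .. off + psize) would go here */
        off += psize;
        (*count)++;
    }
    return FS_OK;
}

int main(void)
{
    /* Constructed samples: one NLRI with a destination prefix 10.0.1.0/24,
     * and one NLRI whose length octet is zero. */
    const uint8_t good[] = { 0x05, 0x01, 0x18, 0x0a, 0x00, 0x01 };
    const uint8_t zero[] = { 0x00 };
    size_t n;

    printf("good: %d\n", fs_count_nlri(good, sizeof good, &n));
    printf("zero: %d\n", fs_count_nlri(zero, sizeof zero, &n));
    return 0;
}
```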
