Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-41360
HistoryAug 29, 2023 - 12:00 a.m.

CVE-2023-41360

2023-08-2900:00:00
ubuntu.com
ubuntu.com
17
cve-2023-41360
frrouting
orf header

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.001

Percentile

30.0%

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can
read the initial byte of the ORF header in an ahead-of-stream situation.

Notes

Author Note
Priority reason: Only exposes the initial byte.
sbeattie the quagga project was renamed to frr
OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchfrr< 7.2.1-1ubuntu0.2+esm1UNKNOWN
ubuntu22.04noarchfrr< 8.1-1ubuntu1.6UNKNOWN
ubuntu23.04noarchfrr< 8.4.2-1ubuntu1.4UNKNOWN
ubuntu18.04noarchquagga< 1.2.4-1ubuntu0.1~esm1UNKNOWN
ubuntu20.04noarchquagga< 1.2.4-4ubuntu0.1UNKNOWN
ubuntu16.04noarchquagga< 0.99.24.1-2ubuntu1.4+esm1UNKNOWN

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.001

Percentile

30.0%