CVE-2023-46752

2023-10-2600:00:00

ubuntu.com

frrouting

version 9.0.1

mp_reach_nlri

security issue

crash

network protocol vulnerability

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

An issue was discovered in FRRouting FRR through 9.0.1. It mishandles
malformed MP_REACH_NLRI data, leading to a crash.

Notes

Author	Note
sbeattie	the quagga project was renamed to frr
mdeslaur	quagge code doesn’t look affected, marking as not-affected

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchfrr< 7.2.1-1ubuntu0.2+esm2UNKNOWN
ubuntu22.04noarchfrr< 8.1-1ubuntu1.7UNKNOWN
ubuntu23.04noarchfrr< 8.4.2-1ubuntu1.5UNKNOWN
ubuntu23.10noarchfrr< 8.4.4-1.1ubuntu1.1UNKNOWN
ubuntu24.04noarchfrr< 8.4.4-1.1ubuntu2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	frr	< 7.2.1-1ubuntu0.2+esm2	UNKNOWN
ubuntu	22.04	noarch	frr	< 8.1-1ubuntu1.7	UNKNOWN
ubuntu	23.04	noarch	frr	< 8.4.2-1ubuntu1.5	UNKNOWN
ubuntu	23.10	noarch	frr	< 8.4.4-1.1ubuntu1.1	UNKNOWN
ubuntu	24.04	noarch	frr	< 8.4.4-1.1ubuntu2	UNKNOWN