Denial Of Service (DoS)

2023-10-2707:53:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

libfrr.so

denial of service

bgp message

software vulnerability

router crash

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

libfrr.so is vulnerable to Denial of Service (DoS). An insecure implementation of BGP message processing allows an attacker to cause a denial-of-service (DoS) condition by sending a specially crafted BGP UPDATE message to a vulnerable router which could consume a large amount of memory and cause the router to crash.

CPENameOperatorVersion
libfrr.sole0.0.0
frr:sideq7.4-1+b1
frr:sideq7.5.1-1.1
frr:sideq7.5.1-1
libfrr.sole0.0.0
frr:sideq7.4-1+b1
frr:sideq7.5.1-1.1
frr:sideq7.5.1-1
frr:bustereq6.0.2-2+deb10u1

Name	Operator	Version
libfrr.so	le	0.0.0
frr:sid	eq	7.4-1+b1
frr:sid	eq	7.5.1-1.1
frr:sid	eq	7.5.1-1
libfrr.so	le	0.0.0
frr:sid	eq	7.4-1+b1
frr:sid	eq	7.5.1-1.1
frr:sid	eq	7.5.1-1
frr:buster	eq	6.0.2-2+deb10u1