VDB
CVE-2023-38407
CVE-2023-38407
PUBLISHED
Es besteht eine Schwachstelle im FRRouting-Projekt FRRouting. Dieser Fehler besteht während des labeled unicast parsing in bgpd/bgp_label.c, das versucht, über das Ende des Streams hinaus zu lesen. Ein Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.
EPSS 0.21% · 42.7th percentile
Risk Scores
EPSS Score
0.21%
42.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FRRouting Project | FRRouting Project FRRouting <8.5 | |
| Oracle | Oracle Linux | |
| SUSE | SUSE Linux | |
| Red Hat | Red Hat Enterprise Linux | |
| Ubuntu | Ubuntu Linux | |
| Debian | Debian Linux |
Timeline
- Mar 5, 2023 Fix PR Merged
- Mar 6, 2023 Fix PR Merged
- Nov 5, 2023 CVE Published
- Nov 6, 2023 EPSS Score
- Dec 7, 2023 EPSS Score
- Jan 6, 2024 EPSS Score
- Mar 7, 2024 EPSS Score
- Apr 7, 2024 EPSS Score
- May 7, 2024 EPSS Score
- Jun 8, 2024 EPSS Score
- Jul 8, 2024 EPSS Score
- Sep 7, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2822.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2822 advisory
- https://access.redhat.com/errata/RHSA-2024:0477 advisory
- https://access.redhat.com/errata/RHSA-2024:1093 advisory
- https://access.redhat.com/errata/RHSA-2024:1152 advisory
- https://access.redhat.com/errata/RHSA-2024:1113 advisory
- http://linux.oracle.com/errata/ELSA-2024-0477.html advisory
- https://access.redhat.com/errata/RHSA-2024:0574 advisory
- https://access.redhat.com/errata/RHSA-2024:0130 advisory
- http://linux.oracle.com/errata/ELSA-2024-0130.html advisory
- https://github.com/advisories/GHSA-38fw-5cvw-p8h6 advisory
- https://github.com/advisories/GHSA-5682-2jc3-w5j4 advisory
- https://github.com/advisories/GHSA-v9pv-vrqw-885r advisory
- https://ubuntu.com/security/notices/USN-6498-1 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-December/017287.html advisory
- https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html advisory
- https://ubuntu.com/security/notices/USN-6807-1 advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/ZSD5DV4BAQZAYRQ26BDFVK3ZZC3LHFNV/ advisory
- https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/BBQ2F6B52UDKPMMML6F24O4RGXPC3B6U/ advisory