CVE-2023-47234 — Vulnetix

CVE-2023-47234 PUBLISHED

Es bestehen mehrere Schwachstellen im FRRouting-Projekt FRRouting. Diese Fehler bestehen im BGP UPDATE Prozess. Durch das Hochladen einer manipulierten Update-Meldung kann ein Angreifer diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.

EPSS 0.19% · 40.8th percentile

Risk Scores

EPSS Score

0.19%

40.8th percentile

Affected Products

Vendor	Product	Versions
FRRouting Project	FRRouting Project FRRouting <8.5
Ubuntu	Ubuntu Linux
Red Hat	Red Hat Enterprise Linux
SUSE	SUSE Linux
Debian	Debian Linux
FRRouting Project	FRRouting Project FRRouting <9.0.1
Oracle	Oracle Linux

Exploit Intelligence

https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html (circl)
https://github.com/FRRouting/frr/pull/14716/commits/c37119df45bbf4ef713bc10475af2ee06e12f3bf (circl)
[debian-lts-announce] 20240428 [SECURITY] [DLA 3797-1] frr security update (circl)

Timeline

Nov 2, 2023 Fix PR Merged
Nov 3, 2023 CVE Published
Nov 4, 2023 EPSS Score
Dec 5, 2023 EPSS Score
Jan 4, 2024 EPSS Score
Feb 4, 2024 EPSS Score
Mar 5, 2024 EPSS Score
Apr 5, 2024 EPSS Score
May 6, 2024 EPSS Score
Jun 5, 2024 EPSS Score
Aug 5, 2024 EPSS Score
Sep 5, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2822.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2822 advisory
https://access.redhat.com/errata/RHSA-2024:0477 advisory
https://access.redhat.com/errata/RHSA-2024:1093 advisory
https://access.redhat.com/errata/RHSA-2024:1152 advisory
https://access.redhat.com/errata/RHSA-2024:1113 advisory
http://linux.oracle.com/errata/ELSA-2024-0477.html advisory
https://access.redhat.com/errata/RHSA-2024:0574 advisory
https://access.redhat.com/errata/RHSA-2024:0130 advisory
http://linux.oracle.com/errata/ELSA-2024-0130.html advisory
https://github.com/advisories/GHSA-38fw-5cvw-p8h6 advisory
https://github.com/advisories/GHSA-5682-2jc3-w5j4 advisory
https://github.com/advisories/GHSA-v9pv-vrqw-885r advisory
https://ubuntu.com/security/notices/USN-6498-1 advisory
https://lists.suse.com/pipermail/sle-security-updates/2023-December/017287.html advisory
https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html advisory
https://ubuntu.com/security/notices/USN-6807-1 advisory
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/ZSD5DV4BAQZAYRQ26BDFVK3ZZC3LHFNV/ advisory
https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html advisory
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/BBQ2F6B52UDKPMMML6F24O4RGXPC3B6U/ advisory

Open in Interactive Console →