Unrated severity · NVD Advisory · Published Jul 24, 2023 · Updated Sep 27, 2024
Infinite loop in babeld message parsing may cause DoS
CVE-2023-3748
Description
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. An attacker may send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set, which can cause an infinite loop and a denial of service.
Affected products
- cpe:/o:redhat:enterprise_linux:8
- cpe:/o:redhat:enterprise_linux:9
- osv-coords (5 versions)
  - pkg:rpm/opensuse/frr&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/frr&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/frr&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5
  - pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6
- (no CPE) range: < 8.4-150500.4.8.1
- (no CPE) range: < 8.5.6-150500.4.30.1
- (no CPE) range: < 8.4-5.1
- (no CPE) range: < 8.4-150500.4.8.1
- (no CPE) range: < 8.5.6-150500.4.30.1
- Fedora/Fedorav5
Patches
No patches discovered yet.
References
- access.redhat.com/security/cve/CVE-2023-3748 (mitre; vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre; issue-tracking, x_refsource_REDHAT)