Bug 1213434 (CVE-2023-3748)

Summary: VUL-0: CVE-2023-3748: frr: Infinite loop in babeld message parsing may cause DoS
Product: [Novell Products] SUSE Security Incidents
Reporter: Gianluca Gabrielli <gianluca.gabrielli>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: erico.mendonca, mardnh, mt, security-team, stoyan.manolov
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/372802/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-3748:6.2:(AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Gianluca Gabrielli 2023-07-18 14:28:11 UTC
An issue was discovered in frr from 8.3 when parsing certain babeld unicast hello messages that were intended to be ignored. Hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set could enter an infinite loop.

https://github.com/FRRouting/frr/issues/11808

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3748
https://bugzilla.redhat.com/show_bug.cgi?id=2223668
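
An added illustration, not part of this report and not FRR's code: a small TLV walker showing how an "ignore this hello" path that returns to the loop head without consuming the TLV never terminates, beside the variant that still advances. The function name, the `advance_on_ignore` switch, the step watchdog and the sample bytes are assumptions made for the example; the TLV layout follows RFC 8966, and only the unicast-flag and zero-interval cases from the description are modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define TLV_PAD1      0       /* RFC 8966: single-byte padding TLV */
#define TLV_HELLO     4       /* RFC 8966: flags(2) seqno(2) interval(2) */
#define HELLO_UNICAST 0x8000
#define MAX_STEPS     1000    /* watchdog so the flawed variant returns */

/* Constructed sample: unicast hello, zero-interval hello, normal hello. */
static const uint8_t sample[] = {
    4, 6, 0x80, 0x00, 0x00, 0x01, 0x01, 0x90,
    4, 6, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00,
    4, 6, 0x00, 0x00, 0x00, 0x03, 0x01, 0x90,
};

/* Returns hellos accepted, -1 on a truncated TLV, -2 if the walk stalls.
 * advance_on_ignore == 0 models the flaw (hypothetical, not FRR code). */
int walk_tlvs(const uint8_t *buf, size_t len, int advance_on_ignore)
{
    size_t i = 0;
    int accepted = 0, steps = 0;
    while (i < len) {
        if (++steps > MAX_STEPS) return -2;   /* no forward progress */
        if (buf[i] == TLV_PAD1) { i++; continue; }
        if (i + 2 > len) return -1;
        size_t tlv_len = buf[i + 1];
        if (i + 2 + tlv_len > len) return -1;
        if (buf[i] == TLV_HELLO) {
            if (tlv_len < 6) return -1;
            unsigned flags = (buf[i + 2] << 8) | buf[i + 3];
            unsigned interval = (buf[i + 6] << 8) | buf[i + 7];
            if ((flags & HELLO_UNICAST) || interval == 0) {
                if (!advance_on_ignore) continue;  /* flaw: i never moves */
                goto next;                         /* ignore, but still consume */
            }
            accepted++;
        }
next:
        i += 2 + tlv_len;   /* every TLV, handled or ignored, is consumed here */
    }
    return accepted;
}

int main(void)
{
    printf("flawed=%d fixed=%d\n", walk_tlvs(sample, sizeof sample, 0),
           walk_tlvs(sample, sizeof sample, 1));
    return 0;
}
```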
Comment 1 Gianluca Gabrielli 2023-07-18 14:29:02 UTC
Affected packages:
 - SUSE:SLE-15-SP5:Update/frr
 - openSUSE:Factory/frr

Upstream patch: https://github.com/FRRouting/frr/commit/0f46adebe43c0ba7d9cb160a63c98057fb227722.patch
Comment 6 Maintenance Automation 2023-09-20 20:30:15 UTC
SUSE-SU-2023:3709-1: An update that solves five vulnerabilities can now be installed.

Category: security (important)
Bug References: 1213284, 1213434, 1214735, 1214739, 1215065
CVE References: CVE-2023-3748, CVE-2023-38802, CVE-2023-41358, CVE-2023-41360, CVE-2023-41909
Sources used:
openSUSE Leap 15.5 (src): frr-8.4-150500.4.8.1
Server Applications Module 15-SP5 (src): frr-8.4-150500.4.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Marcus Meissner 2024-04-18 09:23:52 UTC
done