Bugzilla – Bug 1213434
VUL-0: CVE-2023-3748: frr: Infinite loop in babeld message parsing may cause DoS
Last modified: 2024-04-18 09:23:52 UTC
An issue was discovered in frr from 8.3 when parsing certain babeld unicast hello messages that were intended to be ignored. Hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set could enter an infinite loop.

https://github.com/FRRouting/frr/issues/11808

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3748
https://bugzilla.redhat.com/show_bug.cgi?id=2223668
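The failure mode described above, as an added example that is not FRR code and not part of the original report: a TLV walk that ignores a Hello without stepping past it never moves its cursor. The function name `walk_tlvs`, the simplified type/length/body layout, the loop budget and the sample bytes are assumptions constructed for illustration; the mechanism shown (skipping back to the loop head) is an assumed cause, and only the unicast-flag and zero-interval cases are covered.

```c
#include <stddef.h>
#include <stdint.h>

#define TLV_HELLO      4        /* Babel Hello TLV type (RFC 8966) */
#define HELLO_UNICAST  0x8000   /* Unicast flag in the Hello flags field */
#define STALLED        (-1)

/* Constructed sample packet body: one unicast Hello with interval 0,
 * followed by one ordinary multicast Hello. */
static const uint8_t sample[] = {
    TLV_HELLO, 6, 0x80, 0x00, 0x00, 0x01, 0x00, 0x00,
    TLV_HELLO, 6, 0x00, 0x00, 0x00, 0x02, 0x01, 0x90,
};

/* Walk type/length/value records. Returns the number of Hellos accepted,
 * or STALLED when the cursor stops moving. skip_advances == 0 models the
 * flawed pattern: an ignored Hello jumps back to the loop head without
 * stepping over the record. */
static int walk_tlvs(const uint8_t *buf, size_t len, int skip_advances)
{
    size_t i = 0, budget = len + 1;   /* a sound walk needs <= len steps */
    int accepted = 0;

    while (i < len) {
        if (budget-- == 0)
            return STALLED;           /* would spin forever unguarded */
        if (i + 2 > len || i + 2 + buf[i + 1] > len)
            break;                    /* truncated record: stop parsing */
        const uint8_t *body = buf + i + 2;
        size_t tlv_len = buf[i + 1];

        if (buf[i] == TLV_HELLO && tlv_len >= 6) {
            uint16_t flags = (uint16_t)(body[0] << 8 | body[1]);
            uint16_t interval = (uint16_t)(body[4] << 8 | body[5]);
            if ((flags & HELLO_UNICAST) || interval == 0) {
                if (!skip_advances)
                    continue;         /* flaw: i is left unchanged */
            } else {
                accepted++;
            }
        }
        i += 2 + tlv_len;             /* every path must reach this step */
    }
    return accepted;
}
```

The same budget check works as a regression test or fuzzing oracle for any record parser: a walk that needs more iterations than there are input bytes has stopped making progress.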
Affected packages:
- SUSE:SLE-15-SP5:Update/frr
- openSUSE:Factory/frr

Upstream patch: https://github.com/FRRouting/frr/commit/0f46adebe43c0ba7d9cb160a63c98057fb227722.patch
SUSE-SU-2023:3709-1: An update that solves five vulnerabilities can now be installed.

Category: security (important)
Bug References: 1213284, 1213434, 1214735, 1214739, 1215065
CVE References: CVE-2023-3748, CVE-2023-38802, CVE-2023-41358, CVE-2023-41360, CVE-2023-41909
Sources used:
openSUSE Leap 15.5 (src): frr-8.4-150500.4.8.1
Server Applications Module 15-SP5 (src): frr-8.4-150500.4.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done