CVE-2023-34061 - Vulnerability Details - OpenCVE

Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00171.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Pivotal	Cloud Foundry Deployment Cloud Foundry Routing Release

Configuration 1 [-]

OR	cpe:2.3:a:pivotal:cloud_foundry_deployment::::::::
	cpe:2.3:a:pivotal:cloud_foundry_routing_release::::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-38175	Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/

History

Tue, 03 Jun 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2024-01-12T07:01:49.532Z

Updated: 2025-06-03T14:05:36.784Z

Reserved: 2023-05-25T17:21:56.204Z

Link: CVE-2023-34061

Vulnrichment

Updated: 2024-08-02T16:01:53.639Z

NVD

Status : Modified

Published: 2024-01-12T07:15:11.747

Modified: 2025-06-03T14:15:29.037

Link: CVE-2023-34061

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-34061", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2023-05-25T17:21:56.204Z", "datePublished": "2024-01-12T07:01:49.532Z", "dateUpdated": "2025-06-03T14:05:36.784Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Routing Release", "vendor": "Cloud Foundry", "versions": [{"lessThan": "0.284.0", "status": "affected", "version": "0.163.0", "versionType": "0.284.0"}]}, {"defaultStatus": "unaffected", "product": "CF deployment", "vendor": "Cloud Foundry", "versions": [{"lessThan": "33.6.0", "status": "affected", "version": "0.28.0", "versionType": "33.6.0"}]}], "datePublic": "2023-12-07T14:32:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.</p><br><br>"}], "value": "Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-01-12T07:01:49.532Z"}, "references": [{"url": "https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/"}], "source": {"discovery": "UNKNOWN"}, "title": "CVE-2023-34061 \u2013 Gorouter route pruning", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:01:53.639Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-08T20:10:19.266378Z", "id": "CVE-2023-34061", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-03T14:05:36.784Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:01:53.639Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-34061", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-08T20:10:19.266378Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T20:10:21.475Z"}}], "cna": {"title": "CVE-2023-34061 \u2013 Gorouter route pruning", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Cloud Foundry", "product": "Routing Release", "versions": [{"status": "affected", "version": "0.163.0", "lessThan": "0.284.0", "versionType": "0.284.0"}], "defaultStatus": "unaffected"}, {"vendor": "Cloud Foundry", "product": "CF deployment", "versions": [{"status": "affected", "version": "0.28.0", "lessThan": "33.6.0", "versionType": "33.6.0"}], "defaultStatus": "unaffected"}], "datePublic": "2023-12-07T14:32:00.000Z", "references": [{"url": "https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.</p><br><br>", "base64": false}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-01-12T07:01:49.532Z"}}}, "cveMetadata": {"cveId": "CVE-2023-34061", "state": "PUBLISHED", "dateUpdated": "2025-06-03T14:05:36.784Z", "dateReserved": "2023-05-25T17:21:56.204Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2024-01-12T07:01:49.532Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal:cloud_foundry_deployment:*:*:*:*:*:*:*:*", "matchCriteriaId": "E860CEF6-3AB5-4ADF-B1A6-4D05A5F5390B", "versionEndIncluding": "33.5.0", "versionStartIncluding": "0.28.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal:cloud_foundry_routing_release:*:*:*:*:*:*:*:*", "matchCriteriaId": "66D0AA37-1922-486B-86C9-59E96F1B6E1E", "versionEndIncluding": "0.283.0", "versionStartIncluding": "0.163.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.\n\n\n\n"}, {"lang": "es", "value": "Las versiones de enrutamiento de Cloud Foundry desde v0.163.0 hasta v0.283.0 son vulnerables a un ataque de DOS. Un atacante no autenticado puede utilizar esta vulnerabilidad para forzar la poda de rutas y, por lo tanto, degradar la disponibilidad del servicio de la implementaci\u00f3n de Cloud Foundry."}], "id": "CVE-2023-34061", "lastModified": "2025-06-03T14:15:29.037", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@vmware.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-12T07:15:11.747", "references": [{"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}