CVE-2023-38407 - OpenCVE

bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Frrouting	Frrouting
Redhat	Enterprise Linux Rhel Eus

Configuration 1 [-]

cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
frr-0:7.5.1-13.el8_9.3	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:0130	2024-01-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
frr-0:7.5-11.el8_6.7	cpe:/a:redhat:rhel_eus:8.6	RHSA-2024:1113	2024-03-05T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
frr-0:7.5.1-7.el8_8.5	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:0574	2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9
frr-0:8.3.1-11.el9_3.2	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:0477	2024-01-25T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
frr-0:8.0-5.el9_0.3	cpe:/a:redhat:rhel_eus:9.0	RHSA-2024:1152	2024-03-05T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
frr-0:8.3.1-5.el9_2.4	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:1093	2024-03-05T00:00:00Z

References

Link	Providers
https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5
https://github.com/FRRouting/frr/pull/12951
https://github.com/FRRouting/frr/pull/12956
https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html
https://nvd.nist.gov/vuln/detail/CVE-2023-38407
https://www.cve.org/CVERecord?id=CVE-2023-38407

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-11-06T00:00:00

Updated: 2024-08-02T17:39:13.524Z

Reserved: 2023-07-17T00:00:00

Link: CVE-2023-38407

Vulnrichment

Updated: 2024-08-02T17:39:13.524Z

NVD

Status : Modified

Published: 2023-11-06T06:15:40.907

Modified: 2024-07-03T01:40:51.010

Link: CVE-2023-38407

Redhat

Severity : Moderate

Publid Date: 2023-03-05T00:00:00Z

Links: CVE-2023-38407 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-38407", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T17:39:13.524Z", "dateReserved": "2023-07-17T00:00:00", "datePublished": "2023-11-06T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-28T07:06:10.226370"}, "descriptions": [{"lang": "en", "value": "bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/FRRouting/frr/pull/12951"}, {"url": "https://github.com/FRRouting/frr/pull/12956"}, {"url": "https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5"}, {"name": "[debian-lts-announce] 20240428 [SECURITY] [DLA 3797-1] frr security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"affected": [{"vendor": "frrouting", "product": "frrouting", "cpes": ["cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "8.5", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-01T14:53:35.844035Z", "id": "CVE-2023-38407", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T20:28:40.231Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:13.524Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/FRRouting/frr/pull/12951", "tags": ["x_transferred"]}, {"url": "https://github.com/FRRouting/frr/pull/12956", "tags": ["x_transferred"]}, {"url": "https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20240428 [SECURITY] [DLA 3797-1] frr security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/FRRouting/frr/pull/12951", "tags": ["x_transferred"]}, {"url": "https://github.com/FRRouting/frr/pull/12956", "tags": ["x_transferred"]}, {"url": "https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html", "name": "[debian-lts-announce] 20240428 [SECURITY] [DLA 3797-1] frr security update", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:13.524Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-38407", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-01T14:53:35.844035Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*"], "vendor": "frrouting", "product": "frrouting", "versions": [{"status": "affected", "version": "0", "lessThan": "8.5", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-01T15:08:37.484Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/FRRouting/frr/pull/12951"}, {"url": "https://github.com/FRRouting/frr/pull/12956"}, {"url": "https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html", "name": "[debian-lts-announce] 20240428 [SECURITY] [DLA 3797-1] frr security update", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-28T07:06:10.226370"}}}, "cveMetadata": {"cveId": "CVE-2023-38407", "state": "PUBLISHED", "dateUpdated": "2024-08-02T17:39:13.524Z", "dateReserved": "2023-07-17T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-11-06T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB0E7F12-AAE7-48DA-B684-585BA3188B28", "versionEndExcluding": "8.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing."}, {"lang": "es", "value": "bgpd/bgp_label.c en FRRouting (FRR) antes de 8.5 intenta leer m\u00e1s all\u00e1 del final de la secuencia durante el an\u00e1lisis de unicast etiquetado."}], "id": "CVE-2023-38407", "lastModified": "2024-07-03T01:40:51.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-11-06T06:15:40.907", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/FRRouting/frr/pull/12951"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/FRRouting/frr/pull/12956"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:0130", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "frr-0:7.5.1-13.el8_9.3", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-01-10T00:00:00Z"}, {"advisory": "RHSA-2024:1113", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "frr-0:7.5-11.el8_6.7", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-03-05T00:00:00Z"}, {"advisory": "RHSA-2024:0574", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "frr-0:7.5.1-7.el8_8.5", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:0477", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "frr-0:8.3.1-11.el9_3.2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-01-25T00:00:00Z"}, {"advisory": "RHSA-2024:1152", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "frr-0:8.0-5.el9_0.3", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-03-05T00:00:00Z"}, {"advisory": "RHSA-2024:1093", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "frr-0:8.3.1-5.el9_2.4", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-03-05T00:00:00Z"}], "bugzilla": {"description": "ffr: Out of bounds read in bgpd/bgp_label.c", "id": "2248528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248528"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.", "An out-of-bounds read flaw was found in FFrounting beyond the end of the stream during labeled unicast parsing. This issue may lead to application crash and denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-38407", "public_date": "2023-03-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-38407\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-38407\nhttps://github.com/FRRouting/frr/pull/12951\nhttps://github.com/FRRouting/frr/pull/12956"], "statement": "Red Hat OpenStack Platform does not ship its own version of the frr package, instead using the version from the underlying Red Hat Enterprise Linux. RHOSP is marked as Not Affected as no changes need to be made by the OpenStack engineering team. System administrators of OpenStack deployments should apply updates once available in RHEL.", "threat_severity": "Moderate", "upstream_fix": "ffr 8.5"}