CVE-2023-41359

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Aug 29, 2023
Updated: Dec 22, 2023
CWE ID 125

Summary

CVE-2023-41359 is a newly identified vulnerability affecting FRRouting (FRR) versions up to 9.0. This issue involves an out-of-bounds read error in the "bgp_attr_aigp_valid" function located in "bgpd/bgp_attr.c". The problem arises due to a lack of adequate checks for the availability of two bytes during Attribute Length and Identifier (AIGP) validation. If exploited, an attacker could potentially read arbitrary data from memory, leading to potential security risks and system instability. It is recommended that users upgrade to the latest version of FRR to mitigate this vulnerability.
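
The missing check described in the summary, shown as an added example that is not FRR's code: a bounds-checked walk over AIGP TLVs. The TLV layout (1-byte type, 2-byte big-endian length covering the whole TLV, fixed 11-byte AIGP TLV) is assumed from RFC 7311, which this page does not cite; the function name aigp_tlvs_valid and the sample bytes are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not FRR source. TLV layout per RFC 7311:
 * 1-byte type, 2-byte big-endian length covering the whole TLV, value. */
#define TLV_HDR_LEN   3u
#define AIGP_TLV_TYPE 1u
#define AIGP_TLV_LEN  11u /* 3-byte header + 8-byte metric */

/* Hypothetical helper: true only if every TLV in buf[0..len) lies fully
 * inside the buffer and each AIGP TLV has its fixed length. */
bool aigp_tlvs_valid(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    if (buf == NULL || len == 0)
        return false;
    while (off < len) {
        size_t remaining = len - off;
        /* Type byte plus both length bytes must exist before the
         * length is read; a 1- or 2-byte tail is rejected here. */
        if (remaining < TLV_HDR_LEN)
            return false;
        uint8_t type = buf[off];
        size_t tlv_len = ((size_t)buf[off + 1] << 8) | buf[off + 2];
        /* A length below the header size would stall the walk;
         * a length above the remainder would overrun the buffer. */
        if (tlv_len < TLV_HDR_LEN || tlv_len > remaining)
            return false;
        if (type == AIGP_TLV_TYPE && tlv_len != AIGP_TLV_LEN)
            return false;
        off += tlv_len;
    }
    return true;
}

int main(void)
{
    /* Constructed samples: one well-formed AIGP TLV, then the same TLV
     * followed by a lone type byte with no length field behind it. */
    const uint8_t ok[] = {1, 0, 11, 0, 0, 0, 0, 0, 0, 0, 100};
    const uint8_t cut[] = {1, 0, 11, 0, 0, 0, 0, 0, 0, 0, 100, 1};
    printf("ok=%d cut=%d\n", aigp_tlvs_valid(ok, sizeof ok),
           aigp_tlvs_valid(cut, sizeof cut));
    return 0;
}
```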

Affected Products

  • Frrouting
  • Fedora Operating System

Affected Vendors

  • Fedora Project