FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 38 |
| fedoraproject | fedora | 37 |
| pica8 | picos | 4.3.3.2 |
| debian | debian_linux | 12.0 |
| frrouting | frrouting | * |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 39 |