2223668 – (CVE-2023-3748) CVE-2023-3748 frr: Inifinite loop in babld message parsing may cause DoS

Bug 2223668 (CVE-2023-3748) - CVE-2023-3748 frr: Inifinite loop in babld message parsing may cause DoS

Summary: CVE-2023-3748 frr: Inifinite loop in babld message parsing may cause DoS

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2023-3748
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2223673
Blocks:	2189456
TreeView+	depends on / blocked

Reported:	2023-07-18 13:35 UTC by Zack Miele
Modified:	2023-08-01 12:27 UTC (History)
CC List:	1 user (show)
Fixed In Version:	frr 8.5
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.
Clone Of:
Environment:
Last Closed:	2023-08-01 12:27:30 UTC
Embargoed:

Attachments	(Terms of Use)

Description Zack Miele 2023-07-18 13:35:09 UTC

An issue was discovered in frr from 8.3 when parsing certain babeld unicast hello messages that were intended to be ignored. Hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set could enter an infinite loop.

https://github.com/FRRouting/frr/issues/11808

Comment 2 Michal Ruprich 2023-07-19 14:13:46 UTC

We do not ship babeld with our FRR package in RHEL. I am closing this bug report since it does not affect our package in RHEL.

Comment 3 Michal Ruprich 2023-07-19 14:15:02 UTC

Sorry, accidentally closed a bug for Security response. Apologies. Opening the bug and closing the bug for FRR instead.

Comment 4 Product Security DevOps Team 2023-08-01 12:27:28 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-3748

Note You need to log in before you can comment on or make changes to this bug.