Description
An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.
References (3)
Core 3
Core References
Third Party Advisory
https://forescout.com
Third Party Advisory vendor-advisory
https://www.debian.org/security/2023/dsa-5495
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html
Scores
CVSS v3
6.5
EPSS
0.0013
EPSS Percentile
31.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (4)
debian/debian_linux
10.0
debian/debian_linux
11.0
debian/debian_linux
12.0
frrouting/frrouting
< 8.4
Published
May 03, 2023
Tracked Since
Feb 18, 2026