CVE-2023-3748

LOW

FRRouting < 8.5 - Infinite Loop

Description

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. An attacker may send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set, causing babeld to enter an infinite loop and resulting in a denial of service.

Scores

CVSS v3 3.5
EPSS 0.0007
EPSS Percentile 20.9%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-835
Status published
Products (1)
frrouting/frrouting < 8.5
Published Jul 24, 2023
Tracked Since Feb 18, 2026