CVE-2023-3748
LOW
FRRouting < 8.5 - Denial of Service via Malformed Babeld Unicast Hello Message
Title source: llm
Description
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set, causing FRRouting to enter an infinite loop and resulting in a denial of service.
References (2)
Core References
Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-3748
Issue Tracking, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2223668
Scores
CVSS v3
3.5
EPSS
0.0066
EPSS Percentile
46.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-835
Status
published
Products (1)
frrouting/frrouting
< 8.5
Published
Jul 24, 2023
Tracked Since
Feb 18, 2026