Source: frr Version: 8.4.4-1 Severity: important Tags: security upstream Forwarded: https://github.com/FRRouting/frr/issues/11808 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for frr. CVE-2023-3748[0]: | A flaw was found in FRRouting when parsing certain babeld unicast | hello messages that are intended to be ignored. This issue may allow | an attacker to send specially crafted hello messages with the | unicast flag set, the interval field set to 0, or any TLV that | contains a sub-TLV with the Mandatory flag set to enter an infinite | loop and cause a denial of service. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-3748 https://www.cve.org/CVERecord?id=CVE-2023-3748 [1] https://github.com/FRRouting/frr/issues/11808 [2] https://github.com/FRRouting/frr/commit/0a95d121ca8e1f43d41d952d6c82d111ca850085 Please adjust the affected versions in the BTS as needed. Regards, Salvatore