CVE-2023-46753

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/FRRouting/frr/pull/14645/commits/d8482bf011cb2b173e85b65b4bf3d5061250cdb9	Patch
https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html
https://github.com/FRRouting/frr/pull/14645/commits/d8482bf011cb2b173e85b65b4bf3d5061250cdb9	Patch
https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html
https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*

History

04 Nov 2025, 17:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html -

Information

Published : 2023-10-26 05:15

Updated : 2025-11-04 17:15

NVD link : CVE-2023-46753

Mitre link : CVE-2023-46753

CVE.ORG link : CVE-2023-46753

JSON object : View

Products Affected

frrouting

frrouting

CWE

NVD-CWE-Other CWE-863

Incorrect Authorization

{"id": "CVE-2023-46753", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2023-10-26T05:15:26.127", "references": [{"url": "https://github.com/FRRouting/frr/pull/14645/commits/d8482bf011cb2b173e85b65b4bf3d5061250cdb9", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html", "source": "cve@mitre.org"}, {"url": "https://github.com/FRRouting/frr/pull/14645/commits/d8482bf011cb2b173e85b65b4bf3d5061250cdb9", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en FRRouting FRR hasta la versi\u00f3n 9.0.1. Puede ocurrir una falla para un mensaje de ACTUALIZACI\u00d3N BGP manipulado sin atributos obligatorios, por ejemplo, uno con solo un atributo de tr\u00e1nsito desconocido."}], "lastModified": "2025-11-04T17:15:38.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96E183F4-1C38-4876-BA65-38E96CD3E5DC", "versionEndIncluding": "9.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}