An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed because the presence of EOR does not lead to a treat-as-withdraw outcome. — CVE-2023-47235

Summary

Advisory CVE-2023-47235. An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed… Vendor: Microsoft. Source: MSRC. Threat: high. CVSS 7.5. See the official…

What to do

General, cautious steps (verify details in the official source):

• Prioritize patching or mitigation immediately (treat as actively risky).
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability CVE-2023-36049
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2023-5345
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2023-34059
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2023-5717
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2022-27664
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2023-5633
• An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c. CVE-2023-48105
• ASP.NET Core Denial of Service Vulnerability CVE-2023-36038
• ASP.NET Security Feature Bypass Vulnerability CVE-2023-36560
• Azure CLI REST Command Information Disclosure Vulnerability CVE-2023-36052
• Azure DevOps Server Remote Code Execution Vulnerability CVE-2023-36437
• DHCP Server Service Denial of Service Vulnerability CVE-2023-36392