CVE-2023-38802

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-38802

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38802.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-38802

Downstream

DEBIAN-CVE-2023-38802

DLA-3573-1

DSA-5495-1

RHSA-2023:5194

RHSA-2023:5195

RHSA-2023:5196

RHSA-2023:5219

RHSA-2023:5457

RHSA-2023:5464

RHSA-2023:5465

SUSE-SU-2023:3709-1

SUSE-SU-2023:3762-1

SUSE-SU-2023:3793-1

SUSE-SU-2023:3836-1

SUSE-SU-2023:3839-1

SUSE-SU-2024:4090-1

UBUNTU-CVE-2023-38802

USN-6323-1

USN-6807-1

openSUSE-SU-2024:13191-1

Related

Published

2023-08-29T16:15:09.113Z

Modified

2025-11-14T03:35:37.725387Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).

References

Affected packages

Git / github.com/frrouting/frr

Affected ranges

Type: GIT
Repo: https://github.com/frrouting/frr
Events: Introduced

df7ab485bde1a511f131f7ad6b70cb43c48c8e6d

Last affected

16c38045b1a84f899da473398779cc593d82d2bd

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38802.json"