Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-38283

In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006.

Published

2023-08-29T16:15:08.960

Last Modified

2024-11-21T08:13:13.623

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-754

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openbgpd	openbgpd	< 8.1	Yes
Operating System	openbsd	openbsd	< 7.3	No
Operating System	openbsd	openbsd	7.3	No
Operating System	openbsd	openbsd	7.3	No
Operating System	openbsd	openbsd	7.3	No
Operating System	openbsd	openbsd	7.3	No
Operating System	openbsd	openbsd	7.3	No
Operating System	openbsd	openbsd	7.3	No

References

https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling Exploit, Third Party Advisory ([email protected])
https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/006_bgpd.patch.sig Patch ([email protected])
https://github.com/openbgpd-portable/openbgpd-portable/releases/tag/8.1 Release Notes ([email protected])
https://news.ycombinator.com/item?id=37305800 Mailing List ([email protected])
https://www.openbsd.org/errata73.html Release Notes ([email protected])
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/006_bgpd.patch.sig Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/openbgpd-portable/openbgpd-portable/releases/tag/8.1 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=37305800 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://www.openbsd.org/errata73.html Release Notes (af854a3a-2127-422b-91ae-364da2661108)