CVE-2023-38802
Closed, DuplicatePublicBUG
Actions

Assigned To

Authored By

	danhusan
	Aug 29 2023, 6:37 PM

Description

https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling

FRR Impact (and other downstream vendors)

FRR attempts to handle bad attributes using RFC 7606 behaviour. However the fuzzer discovered that a corrupted attribute 23 (Tunnel Encapsulation) will cause a session to go down regardless.

Fix: https://github.com/FRRouting/frr/issues/14289

Details

Difficulty level: Unknown (require assessment)
Version: 1.3.3
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Unspecified (please specify)

Event Timeline

danhusan created this task.Aug 29 2023, 6:37 PM

Fixed in https://github.com/FRRouting/frr/pull/14290

syncer assigned this task to v.huti.Aug 29 2023, 10:08 PM

syncer triaged this task as High priority.

This also affects latest rolling release as of 1.4-rolling-202308240020 which is available @vyos.io

I assume backports will be used once VyOS 1.3.4 gets compiled?

Any ETA for VyOS 1.3.4?

Which VyOS 1.4-rolling will have the fixes made by FRRouting?

syncer reassigned this task from v.huti to c-po.Sep 12 2023, 11:16 PM

syncer added a subscriber: v.huti.

c-po closed this task as a duplicate of T5557: bgp: Use treat-as-withdraw for tunnel encapsulation attribute CVE-2023-38802.Sep 13 2023, 6:15 AM

Which VyOS 1.4-rolling will have the fixes made by FRRouting?

lasted 1.4 and 1.5, also latest custom build 1.3 image already has the fix. 1.3.4 release is in the making

pasik added a subscriber: pasik.Sep 13 2023, 8:05 AM

CVE-2023-38802Closed, DuplicatePublicBUGActions

Description

Details

Event Timeline

CVE-2023-38802
Closed, DuplicatePublicBUG
Actions