{
  "threat_severity" : "Moderate",
  "public_date" : "2023-10-26T00:00:00Z",
  "bugzilla" : {
    "description" : "frr: crafted BGP UPDATE message leading to a crash",
    "id" : "2246381",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2246381"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-400",
  "details" : [ "An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.", "A flaw was found in FRRouting. A crash can occur for a crafted BGP UPDATE message without mandatory attributes (for example, one with only an unknown transit attribute)." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:2981",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "frr-0:7.5.1-22.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2156",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "frr-0:8.5.3-4.el9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-46753\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-46753\nhttps://github.com/FRRouting/frr/pull/14645/commits/d8482bf011cb2b173e85b65b4bf3d5061250cdb9" ],
  "name" : "CVE-2023-46753",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}