{
  "threat_severity" : "Moderate",
  "public_date" : "2023-11-03T00:00:00Z",
  "bugzilla" : {
    "description" : "frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message",
    "id" : "2248208",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2248208"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "details" : [ "An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).", "A flaw was found in frr. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data that lacks mandatory path attributes." ],
  "statement" : "Red Hat OpenStack Platform does not ship its own version of the frr package, instead using the version from the underlying Red Hat Enterprise Linux. RHOSP is marked as Not Affected as no changes need to be made by the OpenStack engineering team. System administrators of OpenStack deployments should apply updates once available in RHEL.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-01-10T00:00:00Z",
    "advisory" : "RHSA-2024:0130",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "frr-0:7.5.1-13.el8_9.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "release_date" : "2024-03-05T00:00:00Z",
    "advisory" : "RHSA-2024:1113",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.6",
    "package" : "frr-0:7.5-11.el8_6.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "release_date" : "2024-01-30T00:00:00Z",
    "advisory" : "RHSA-2024:0574",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.8",
    "package" : "frr-0:7.5.1-7.el8_8.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-01-25T00:00:00Z",
    "advisory" : "RHSA-2024:0477",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "frr-0:8.3.1-11.el9_3.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "release_date" : "2024-03-05T00:00:00Z",
    "advisory" : "RHSA-2024:1152",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.0",
    "package" : "frr-0:8.0-5.el9_0.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2024-03-05T00:00:00Z",
    "advisory" : "RHSA-2024:1093",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2",
    "package" : "frr-0:8.3.1-5.el9_2.4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-47234\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-47234" ],
  "name" : "CVE-2023-47234",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}