CVE-2023-38802

Note

VINCE #1159
frr merged patch on 2023-08-29 bcb6b58d9 ("bgpd:
Use treat-as-withdraw for tunnel encapsulation attribute")
quagga does not implement RFC 7606
This was actually fixed in USN-6323-1, but was not listed
because of a copy/paste error

Package	Release	Status
frr Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Needs triage
	jammy	Released (8.1-1ubuntu1.5)
	lunar	Released (8.4.2-1ubuntu1.3)
	mantic	Not vulnerable (8.4.4-1.1ubuntu1)
	noble	Not vulnerable (8.4.4-1.1ubuntu1)
	trusty	Does not exist
	upstream	Released (8.4.4-1.1)
	xenial	Does not exist
	Patches: upstream: https://github.com/FRRouting/frr/commit/bcb6b58d9530173df41d3a3cbc4c600ee0b4b186
quagga Launchpad, Ubuntu, Debian	bionic	Not vulnerable (code not present)
	focal	Not vulnerable (code not present)
	jammy	Does not exist
	lunar	Does not exist
	mantic	Does not exist
	noble	Does not exist
	trusty	Ignored (end of standard support)
	upstream	Not vulnerable (code not present)
	xenial	Not vulnerable (code not present)

Parameter	Value
Base score	7.5
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2023-38802

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading