CVE-2023-38283 - OpenCVE

In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Openbsd	Openbsd
Openbgpd	Openbgpd

Configuration 1 [-]

AND

cpe:2.3:a:openbgpd:openbgpd:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:openbsd:openbsd::::::::
	cpe:2.3:o:openbsd:openbsd:7.3:-::::::
	cpe:2.3:o:openbsd:openbsd:7.3:errata_001::::::
	cpe:2.3:o:openbsd:openbsd:7.3:errata_002::::::
	cpe:2.3:o:openbsd:openbsd:7.3:errata_003::::::
	cpe:2.3:o:openbsd:openbsd:7.3:errata_004::::::
	cpe:2.3:o:openbsd:openbsd:7.3:errata_005::::::

References

Link	Resource
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling	Exploit Third Party Advisory
https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/006_bgpd.patch.sig	Patch
https://github.com/openbgpd-portable/openbgpd-portable/releases/tag/8.1	Release Notes
https://news.ycombinator.com/item?id=37305800	Mailing List
https://www.openbsd.org/errata73.html	Release Notes

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-29T00:00:00

Updated: 2023-08-29T15:24:54.279568

Reserved: 2023-07-14T00:00:00

Link: CVE-2023-38283

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-08-29T16:15:08.960

Modified: 2023-09-07T19:15:12.473

Link: CVE-2023-38283

JSON object: View

Redhat Information

No data.

CWE

CWE-754

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbgpd:openbgpd:*:*:*:*:*:*:*:*", "matchCriteriaId": "E100F828-9002-4B76-902C-49345579AAA7", "versionEndExcluding": "8.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "131B4208-6843-40D3-8818-159D1204BD0E", "versionEndExcluding": "7.3", "vulnerable": false}, {"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:-:*:*:*:*:*:*", "matchCriteriaId": "7BAA0C9B-7CEA-4647-809F-027EB34C142E", "vulnerable": false}, {"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_001:*:*:*:*:*:*", "matchCriteriaId": "B3CC37B8-46C0-407B-8DE4-2B5BC36BA969", "vulnerable": false}, {"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_002:*:*:*:*:*:*", "matchCriteriaId": "D53FE3CA-1A90-4783-8AC2-C0B4CF6F052D", "vulnerable": false}, {"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_003:*:*:*:*:*:*", "matchCriteriaId": "9C32DD2B-BBE0-4031-B105-743E4058B4A1", "vulnerable": false}, {"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_004:*:*:*:*:*:*", "matchCriteriaId": "3F481F84-81C2-4E5F-BD60-4C46CD3DD603", "vulnerable": false}, {"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_005:*:*:*:*:*:*", "matchCriteriaId": "DCAE527B-1176-4759-B903-59A72245517B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006."}], "id": "CVE-2023-38283", "lastModified": "2023-09-07T19:15:12.473", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-29T16:15:08.960", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/006_bgpd.patch.sig"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/openbgpd-portable/openbgpd-portable/releases/tag/8.1"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://news.ycombinator.com/item?id=37305800"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://www.openbsd.org/errata73.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}]}