CVE-2023-38283 - Improper Check for Unusual or Exceptional Conditions vulnerability in OpenBGPD
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE
Summary
In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 7 |
Common Weakness Enumeration (CWE)
References
- https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/006_bgpd.patch.sig
- https://github.com/openbgpd-portable/openbgpd-portable/releases/tag/8.1
- https://news.ycombinator.com/item?id=37305800
- https://www.openbsd.org/errata73.html