NULL Pointer Dereference

CVE-2023-41358

High

7.5/10

Summary

An Null Pointer Dereferencing vulnerability is discovered in FRRouting FRR prior to 8.5.3, 9.x prior to 9.0.1, and 9.1-dev. "bgpd/bgp_packet.c" processes NLRIs if the attribute length is zero.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-476 - NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

Advisory
Pull request

Advisory Timeline

Published Aug 29, 2023

NULL Pointer Dereference

CVE-2023-41358

Summary

CWE-476 - NULL Pointer Dereference

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS