CVE-2023-38283

Published: 29 August 2023

In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006.

Priority

Status

Package	Release	Status
openbgpd Launchpad, Ubuntu, Debian	trusty	Ignored (end of standard support)
	xenial	Ignored (end of standard support)
	bionic	Ignored (end of standard support)
	focal	Does not exist
	jammy	Needs triage
	lunar	Needs triage
	upstream	Needs triage

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38283
https://news.ycombinator.com/item?id=37305800
https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/006_bgpd.patch.sig
https://www.openbsd.org/errata73.html
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
https://github.com/openbgpd-portable/openbgpd-portable/releases/tag/8.1
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›