CVE-2023-41361 in FRRouting
Summary
by MITRE • 08/29/2023
An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
Analysis
by VulDB Data Team • 02/01/2026
The vulnerability identified as CVE-2023-41361 affects FRRouting FRR version 9.0 and resides within the bgpd/bgp_open.c component of the software. This issue represents a potential denial of service vulnerability that arises from insufficient input validation during the BGP (Border Gateway Protocol) session establishment process. The flaw specifically occurs when the software receives a malformed BGP OPEN message containing an excessively large software version field, which the system fails to properly validate before processing.
The technical nature of this vulnerability stems from a lack of proper bounds checking in the BGP OPEN message handling routine. When a BGP speaker receives an OPEN message, it must parse various fields including the software version field to establish proper session parameters. In this case, the system does not validate that the received version string length remains within reasonable bounds, allowing an attacker to craft a malicious OPEN message with an abnormally large version field. This can cause the receiving BGP daemon to allocate excessive memory or enter an infinite loop during processing, ultimately leading to a denial of service condition that disrupts network connectivity and BGP session establishment.
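The bounds check described above, as an added example that is neither FRRouting's code nor part of the original advisory. It assumes the layout from the BGP version-capability draft (capability code 75, a one-byte string length followed by the string, at most 64 bytes); those values and all names here are assumptions not given on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAP_SOFT_VERSION 75 /* assumption: code from the version-capability draft */
#define SOFT_VERSION_MAX 64 /* assumption: string length limit from the same draft */
enum { SV_ABSENT = 0, SV_OK = 1, SV_MALFORMED = -1 };

/* Constructed samples: "FRR/9.0" with a correct length byte, then claiming 200. */
static const uint8_t sample_ok[]  = { 75, 8, 7, 'F', 'R', 'R', '/', '9', '.', '0' };
static const uint8_t sample_bad[] = { 75, 8, 200, 'F', 'R', 'R', '/', '9', '.', '0' };

/* Walk a capability TLV list (code, length, value) and copy the software
 * version string into out, rejecting any inconsistent length. */
int parse_soft_version(const uint8_t *caps, size_t caps_len,
                       char *out, size_t out_sz)
{
    size_t off = 0;
    while (off < caps_len) {
        if (caps_len - off < 2)
            return SV_MALFORMED;        /* truncated TLV header */
        uint8_t code = caps[off], len = caps[off + 1];
        off += 2;
        if (len > caps_len - off)
            return SV_MALFORMED;        /* value runs past the list */
        if (code == CAP_SOFT_VERSION) {
            if (len < 1)
                return SV_MALFORMED;    /* no room for the length byte */
            uint8_t vlen = caps[off];
            /* Length check the advisory describes as missing: the inner
             * length must fit the capability, the limit and the buffer. */
            if (vlen > len - 1 || vlen > SOFT_VERSION_MAX || vlen >= out_sz)
                return SV_MALFORMED;
            memcpy(out, caps + off + 1, vlen);
            out[vlen] = '\0';
            return SV_OK;
        }
        off += len;
    }
    return SV_ABSENT;
}

int main(void)
{
    char v[SOFT_VERSION_MAX + 1];
    printf("ok=%d ", parse_soft_version(sample_ok, sizeof sample_ok, v, sizeof v));
    printf("bad=%d\n", parse_soft_version(sample_bad, sizeof sample_bad, v, sizeof v));
    return 0;
}
```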
From an operational perspective, this vulnerability poses significant risks to network infrastructure that relies on FRRouting for BGP operations. Network administrators using FRR 9.0 may find their routing daemons becoming unresponsive or crashing when processing malicious BGP OPEN messages, potentially causing widespread network disruption. The impact extends beyond simple service interruption as BGP is fundamental to internet routing operations, making this vulnerability particularly dangerous in production environments. The vulnerability can be exploited remotely without authentication, making it especially concerning for publicly accessible BGP speakers.
The flaw aligns with CWE-129, which addresses improper validation of length of input data, and represents a classic buffer overflow vulnerability pattern in network protocol implementations. This vulnerability also maps to ATT&CK technique T1499.004, which covers network denial of service attacks, and T1595.001, which involves network scanning and reconnaissance activities that could lead to exploitation. Organizations should prioritize patching this vulnerability as it affects core routing functionality and can be exploited by malicious actors to disrupt network communications. The recommended mitigation includes upgrading to a patched version of FRRouting where proper input validation has been implemented to prevent oversized version fields from causing system instability. Additionally, network administrators should consider implementing BGP message filtering and monitoring to detect anomalous OPEN messages that could indicate exploitation attempts.