cve 2023 46752

CVE-2023-46752 is an input-validation vulnerability in the FRRouting (FRR) BGP implementation. The bug allows specially crafted BGP UPDATE attributes containing malformed MP_REACH_NLRI data to crash the bgpd daemon, causing a denial-of-service condition for affected routers and appliances. Patches merged into upstream FRR change the behavior from crashing to politely rejecting malformed attributes and resetting the session. Operators running unpatched releases up to and including FRR 9.0.1 remain at risk until their distributions or vendors deliver updates. This tag covers discussion of the vulnerability, its impact on BGP routing, and available patches and mitigations.