CVE-2023-31489: 
Alma Linux vulnerability analysis and mitigation

A vulnerability identified as CVE-2023-31489 was discovered in Frrouting bgpd version 8.4.2. The vulnerability allows remote attackers to cause a denial of service through the bgpcapabilityllgr() function. This issue was assigned a CVSS v3.1 base score of 5.5 (Medium) (NVD).

The vulnerability stems from an incorrect length check in the bgpcapabilityllgr() function. According to the draft document, the capability value should consist of 7 bytes, but the code only checks for 4 bytes. The capability value structure includes Address Family Identifier (16 bits), Subsequent Address Family Identifier (8 bits), Flags for Address Family (8 bits), and Long-lived Stale Time (24 bits) (GitHub Issue).

When exploited, this vulnerability can lead to a denial of service condition in the affected FRRouting bgpd service. The vulnerability has been assigned a CVSS vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating high impact on availability while maintaining no impact on confidentiality and integrity (NVD).

The vulnerability has been addressed in FRR version 8.5.3. Users are advised to upgrade to this version or later. The fix has been incorporated into various distributions including Fedora 37, 38, and 39 through their respective security updates (Fedora Update).