
CVE-2023-47235: n/a

Medium
Published: Fri Nov 03 2023 (11/03/2023, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.

AI-Powered Analysis

Last updated: 11/04/2025, 16:53:00 UTC

Technical Analysis

CVE-2023-47235 is a vulnerability in FRRouting (FRR), an open-source routing software suite widely deployed for BGP routing in internet service providers and large enterprise networks. The flaw exists in FRR versions up to 9.0.1 and is triggered when the software processes a malformed BGP UPDATE message that contains an End-of-RIB (EOR) marker. An EOR marker signals that a peer has completed its route advertisement, and a malformed UPDATE is expected to be handled as treat-as-withdraw. Due to improper handling, the presence of the EOR does not lead to the expected treat-as-withdraw outcome, and the FRR process crashes. The crash is a denial of service (DoS) condition that affects the availability of the routing service. According to the CVSS vector, exploitation requires network-level access to send crafted BGP UPDATE messages, has low attack complexity, and needs some privileges (PR:L) and user interaction (UI:R), indicating that an attacker with limited access could exploit this under certain conditions. There are no known exploits in the wild at the time of publication, but the impact on network stability is significant given FRR's role in routing. The CVSS 3.1 base score is 6.8, reflecting medium severity with a focus on availability impact (A:H) and limited confidentiality (C:L) and integrity (I:L) impact. This vulnerability highlights the importance of robust input validation and error handling in routing protocols to prevent service disruption.
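To illustrate the ordering issue described above, the following added example (not FRR code and not part of the original record) triages a raw BGP message and validates every path attribute before it is allowed to count as an End-of-RIB marker. The function names and sample messages are assumptions constructed for this example; the record does not give the triggering bytes.

```python
import struct

MARKER = b"\xff" * 16
UPDATE, MP_UNREACH_NLRI, EXT_LEN = 2, 15, 0x10

def classify_update(msg: bytes) -> str:
    """Triage one raw BGP message: 'not-update', 'malformed', 'eor' or 'update'."""
    if len(msg) < 19 or msg[:16] != MARKER:
        return "malformed"
    length, mtype = struct.unpack("!HB", msg[16:19])
    if mtype != UPDATE:
        return "not-update"
    if length != len(msg) or length < 23:
        return "malformed"
    body = msg[19:]
    (wd_len,) = struct.unpack("!H", body[:2])
    if 4 + wd_len > len(body):
        return "malformed"
    (attr_len,) = struct.unpack("!H", body[2 + wd_len:4 + wd_len])
    if 4 + wd_len + attr_len > len(body):
        return "malformed"
    attrs = body[4 + wd_len:4 + wd_len + attr_len]
    nlri = body[4 + wd_len + attr_len:]
    # Validate every path attribute before looking for an EOR marker, so a
    # bad attribute is never hidden by the message also looking like an EOR.
    parsed, pos = [], 0
    while pos < len(attrs):
        hdr = 4 if attrs[pos] & EXT_LEN else 3   # extended-length flag
        if pos + hdr > len(attrs):
            return "malformed"
        alen = int.from_bytes(attrs[pos + 2:pos + hdr], "big")
        if pos + hdr + alen > len(attrs):
            return "malformed"                   # attribute overruns the block
        parsed.append((attrs[pos + 1], alen))
        pos += hdr + alen
    if wd_len == 0 and not nlri:
        if not parsed or parsed == [(MP_UNREACH_NLRI, 3)]:
            return "eor"                         # RFC 4724 End-of-RIB marker
    return "update"

def build_update(attrs: bytes) -> bytes:
    """Constructed sample builder: UPDATE with no withdrawn routes and no NLRI."""
    body = b"\x00\x00" + struct.pack("!H", len(attrs)) + attrs
    return MARKER + struct.pack("!HB", 19 + len(body), UPDATE) + body

# Constructed samples: MP_UNREACH_NLRI carrying only AFI/SAFI (IPv6 unicast).
MP_EOR = bytes([0x80, MP_UNREACH_NLRI, 3, 0x00, 0x02, 0x01])
SAMPLES = {
    "ipv4_eor": build_update(b""),
    "mp_eor": build_update(MP_EOR),
    "eor_plus_truncated_attr": build_update(MP_EOR + b"\x40\x01\x05\x00"),
}
```

A message classified as `malformed` is a candidate for error handling such as treat-as-withdraw and should never reach EOR processing.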

Potential Impact

For European organizations, especially ISPs, data centers, and enterprises relying on FRRouting for BGP routing, this vulnerability poses a risk of network outages due to denial of service. A successful exploit could crash routing daemons, causing loss of route advertisements and potentially disrupting internet connectivity or internal network communication. This could impact critical services, degrade performance, and increase operational costs due to downtime and recovery efforts. The availability impact is particularly concerning for organizations providing backbone or transit services. Additionally, network instability could have cascading effects on dependent services and customers. While confidentiality and integrity impacts are low, the disruption of routing services can indirectly affect business continuity and trust. Organizations with complex BGP deployments or those participating in internet exchange points (IXPs) are at higher risk. The lack of known exploits currently reduces immediate threat but does not eliminate the risk of future attacks leveraging this vulnerability.

Mitigation Recommendations

1. Apply patches or updates from FRRouting maintainers as soon as they become available to address this vulnerability.
2. Implement strict filtering and validation of BGP UPDATE messages at network edges and peer routers to detect and block malformed or suspicious packets, especially those containing EOR markers.
3. Monitor BGP session stability and logs for unusual crashes or anomalies that could indicate exploitation attempts.
4. Use network segmentation and access controls to limit who can send BGP updates, reducing exposure to untrusted sources.
5. Employ redundancy in routing infrastructure to minimize impact of any single daemon crash.
6. Engage in proactive threat hunting and anomaly detection focused on BGP traffic patterns.
7. Coordinate with upstream providers and IXPs to share information about potential threats and mitigation strategies.
8. Review and harden router configurations to ensure robust error handling and resilience against malformed inputs.


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2023-11-03T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 690a2de0f0ba78a050535baa

Added to database: 11/4/2025, 4:46:24 PM

Last enriched: 11/4/2025, 4:53:00 PM

Last updated: 11/6/2025, 9:18:50 AM
