Lucene search

K
cloudlinuxCloudLinuxCLSA-2023:1697817200
HistoryOct 20, 2023 - 3:53 p.m.

quagga: Fix of 2 CVEs

2023-10-2015:53:24
repo.cloudlinux.com
19
quagga
fix
cve-2023-41360
cve-2023-41358
nlris
attribute length
security
patch
vulnerability

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

0.001 Low

EPSS

Percentile

31.8%

  • CVE-2023-41360: don’t read the first byte of ORF header if we are ahead of
    stream
  • CVE-2023-41358: do not process NLRIs if the attribute length is zero

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

0.001 Low

EPSS

Percentile

31.8%