Red Hat RHSA-2023:6434
History: Nov 07, 2023 - 6:05 a.m.

(RHSA-2023:6434) Moderate: frr security and bug fix update

2023-11-07 06:05:29
access.redhat.com

AI Score: 6.7 Medium (Confidence: Low)

EPSS: 0.002 Low (Percentile: 59.0%)

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.

Security Fix(es):

  • frr: Reachable assertion in peek_for_as4_capability function (CVE-2022-36440)

  • frr: denial of service by crafting a BGP OPEN message with an option of type 0xff (CVE-2022-40302)

  • frr: denial of service by crafting a BGP OPEN message with an option of type 0xff in bgp_open_option_parse in bgp_open.c (CVE-2022-40318)

  • frr: out-of-bounds read exists in the BGP daemon of FRRouting (CVE-2022-43681)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.