TencentOS Server 4: frr (TSSA-2024:0036)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0036 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 4: frr (TSSA-2024:0606)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0606 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Alibaba Cloud Linux 3 : 0073: frr (ALINUX3-SA-2023:0073)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0073 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-37032: An out-of-bounds read in the BGP...

Alibaba Cloud Linux 3 : 0141: frr (ALINUX3-SA-2024:0141)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0141 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-31490: An issue found in Frroutin...

Alibaba Cloud Linux 3 : 0120: frr (ALINUX3-SA-2023:0120)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0120 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-38802: FRRouting FRR 7.5.1 through 9.0 and...

Alibaba Cloud Linux 3 : 0086: frr (ALINUX3-SA-2024:0086)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0086 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-38406: bgpd/bgpflowspec.c in...

frr security update

An update is available for frr. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FRRouting is free software that manages TCP/IP based routing protocols. It suppor...

Linux Distros Unpatched Vulnerability : CVE-2024-55553

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In FRRouting FRR before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer...

Linux Distros Unpatched Vulnerability : CVE-2023-46752

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MPREACHNLRI data, leading to a crash. CVE-2023-46752 Note that Nessus relies on...

Linux Distros Unpatched Vulnerability : CVE-2022-26126

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero- terminated binary string in isisnbnotifications.c...

Linux Distros Unpatched Vulnerability : CVE-2023-47234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MPUNREACHNLRI attribute and...

Linux Distros Unpatched Vulnerability : CVE-2023-46753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an...

Linux Distros Unpatched Vulnerability : CVE-2023-3748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send...

Linux Distros Unpatched Vulnerability : CVE-2023-38407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bgpd/bgplabel.c in FRRouting FRR before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. CVE-2023-38407 Note that Nessus relies...

Linux Distros Unpatched Vulnerability : CVE-2023-47235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of...

Linux Distros Unpatched Vulnerability : CVE-2022-26125

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isistlvs.c. CVE-2022-26125 Note that...

Linux Distros Unpatched Vulnerability : CVE-2024-44070

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in FRRouting FRR through 10.1. bgpattrencap in bgpd/bgpattr.c does not check the actual remaining stream length before taking the TLV...

Azure Linux 3.0 Security Update: frr (CVE-2024-44070)

The version of frr installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-44070 advisory. - An issue was discovered in FRRouting FRR through 10.1. bgpattrencap in bgpd/bgpattr.c does not check the actual...

USN-7230-2: FRR vulnerabilities

Iggy Frankovic discovered that FRR incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2024-44070 It was discovered that FRR re-validated all routes in...

ROS-20250121-04

A vulnerability in the RIB Revalidation component of a software tool that implements network routing on Unix-like FRRouting systems is related to the launch of RIB reanalysis for FRR routers. Unix-like FRRouting systems is related to triggering RIB reanalysis for FRR routers, using RTR, causing...