FreeBSD : frr - Multiple vulnerabilities (07f0ea8c-356a-11ef-ac6d-a0423f48a938)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 07f0ea8c-356a-11ef-ac6d-a0423f48a938 advisory. [email protected] reports: In FRRouting FRR through 9.1, there are multiple vulnerabilities...
The vulnerability of the bgpd/bgp_label.c file in the networking routing implementation software for Unix-like systems allows a hacker to cause a service failure.
The vulnerability in the bgpd/bgp_label.c file of FRRouting, the network routing implementation software for Unix-like systems, is related to an attempt to read data beyond the end of the stream during the parsing of labeled unicast. Exploiting this vulnerability could allow a...
The vulnerability of the network routing implementation software on Unix-like systems, related to memory release errors, allows a hacker to cause a service failure.
The vulnerability of the FRRouting software for implementing network routing on Unix-like systems is related to improper processing of the BGP UPDATE message sent with EOR. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the FRRouting software implementation for Unix-like systems lies in the existence of a loop with an unreachable exit condition. This allows a malicious actor to cause a service failure.
The vulnerability of the FRRouting software implementation on Unix-like systems lies in the fact that it sends specially crafted welcome messages with a one-to-one distribution flag, an interval field equal to 0, or any TLV containing a mandatory sub-TLV. This allows the attacker to enter an...
ROS-20240617-02
A vulnerability in the bgpd/bgp_attr.c file of FRRouting, a software tool for implementing network routing on Unix-like systems, is related to an out-of-bounds read in bgp_attr_aigp_valid, as there are no AIGP checks. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denia...
ROS-20240607-01
A vulnerability in the bgp_capability_msg_parse function of FRRouting, a software tool for implementing network routing on Unix-like systems, is related to reading outside memory boundaries in the BGP daemon...
USN-6807-1: FRR vulnerabilities
It was discovered that FRR incorrectly handled certain network traffic. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. CVE-2022-26126, CVE-2022-26127, CVE-2022-26128, CVE-2022-26129, CVE-2022-37032, CVE-2022-37035, CVE-2023-31490,...
RHEL 8 : frr (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - frrouting: Misusing strdup leads to stack overflow in isis_nb_notifications.c (CVE-2022-26126) - Buffer...
RHEL 9 : frr (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - frrouting: Misusing strdup leads to stack overflow in isis_nb_notifications.c (CVE-2022-26126) Note that Nessus has not...
USN-6794-1: FRR vulnerabilities
It was discovered that FRR incorrectly handled certain malformed BGP and OSPF packets. A remote attacker could use this issue to cause FRR to crash, resulting in a denial of service, or possibly execute arbitrary code...
frr: mishandled malformed data leading to a crash
A data mishandling vulnerability was found in FRRouting. Malformed MP_REACH_NLRI data can lead to a crash, resulting in a denial of service...
frr: crafted BGP UPDATE message leading to a crash
A flaw was found in FRRouting. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, for example, one with only an unknown transit attribute...
Moderate: Red Hat Security Advisory: frr security update
An update for frr is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
ALSA-2024:2981 Moderate: frr security update
FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fixes: frr: missing length check in bgp_attr_psid_sub can lead to DoS (CVE-2023-31490); frr: processes invalid NLRIs if attribute length is...
Moderate: frr security update
FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fixes: frr: missing length check in bgp_attr_psid_sub can lead to DoS (CVE-2023-31490); frr: processes invalid NLRIs if attribute length is...
RHEL 9 : frrouting (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - frrouting: Misusing strdup leads to stack overflow in isis_nb_notifications.c (CVE-2022-26126) Note that Nessus has not...
RHEL 8 : frrouting (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - frrouting: Misusing strdup leads to stack overflow in isis_nb_notifications.c (CVE-2022-26126) - Buffer...
Oracle Linux 9 : frr (ELSA-2024-2156)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2156 advisory. 8.5.3-4 - Resolves: RHEL-14825 - crafted BGP UPDATE message leading to a crash 8.5.3-3 - Resolves: RHEL-14822 - mishandled malformed data leading to a...
SUSE CVE-2024-34088
In FRRouting FRR through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service...
CVE-2024-34088
A flaw was found in FRRouting FRR. Some functions do not check the return value of the get_edge() function in the ospfd/ospf_te.c file, allowing a NULL pointer dereference, causing a crash in the OSPF daemon, resulting in a denial of service. Mitigation: Mitigation for this issue is either not availab...