838 matches found
CVE-2023-38406
bgpd/bgpflowspec.c in FRRouting FRR before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."...
DEBIAN-CVE-2023-38407
bgpd/bgplabel.c in FRRouting FRR before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing...
CVE-2023-38407
bgpd/bgplabel.c in FRRouting FRR before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing...
Buffer overflow
bgpd/bgpflowspec.c in FRRouting FRR before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."...
CVE-2023-38406
bgpd/bgpflowspec.c in FRRouting FRR before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."...
UBUNTU-CVE-2023-38406
bgpd/bgpflowspec.c in FRRouting FRR before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."...
Stack overflow
bgpd/bgplabel.c in FRRouting FRR before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing...
UBUNTU-CVE-2023-38407
bgpd/bgplabel.c in FRRouting FRR before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing...
FRRouting Security Vulnerabilities
FRRouting is an open source network routing software suite from the FRRouting Project that runs on Unix-like platforms. A security vulnerability exists in FRRouting FRR versions prior to 8.5 that stems from an attempt to read beyond the end of the stream during parsing...
CVE-2023-38406
bgpd/bgpflowspec.c in FRRouting FRR before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."...
CVE-2023-38406
CVE-2023-38406 affects FRRouting (FRR) in bgpd/bgp_flowspec.c, where an nlri length of zero leads to a flowspec overflow. Public references show FRR releases before 8.4.3 are vulnerable; a fix is provided in FRR 8.4.3 and later (up to 8.5.x per advisories). The vulnerability can enable a high-sev...
CVE-2023-38407
CVE-2023-38407 affects FRRouting (FRR): in bgpd/bgp_label.c, FRR before 8.5 may read beyond the end of the stream while parsing labeled unicast. Multiple Nessus-based advisories reference this exact issue in FRR, with fixes applied in FRR 8.5+ (e.g., as part of downstream advisories for MiracleLi...
CVE-2023-38407
bgpd/bgplabel.c in FRRouting FRR before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing...
CVE-2023-38407
bgpd/bgplabel.c in FRRouting FRR before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing...
CVE-2023-38406
bgpd/bgpflowspec.c in FRRouting FRR before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."...
CVE-2023-38406
bgpd/bgpflowspec.c in FRRouting FRR before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."...
CVE-2023-38407
bgpd/bgplabel.c in FRRouting FRR before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing...
CVE-2023-47235
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome...
CVE-2023-47234
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MPUNREACHNLRI attribute and additional NLRI data that lacks mandatory path attributes...
DEBIAN-CVE-2023-47235
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome...