838 matches found
CVE-2023-46753
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute...
CVE-2023-46752
An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash...
PT-2023-7575 · Frrouting +10
Name of the Vulnerable Software and Affected Versions: FRRouting versions through 9.0.1. Description: An issue was discovered in FRRouting where a crash can occur for a crafted BGP UPDATE message without mandatory attributes, such as one with only an unknown transit attribute. This issue is relate...
PT-2023-7215 · Frrouting +10
Name of the Vulnerable Software and Affected Versions: FRRouting versions through 9.0.1. Description: The issue is related to insufficient input validation in FRRouting, which can be exploited by a remote attacker to cause a denial of service. Specifically, it mishandles malformed MP_REACH_NLRI...
USN-6436-1: FRR vulnerabilities
It was discovered that the FRR did not properly check the attribute length in NLRI. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-41358) It was discovered that the FRR did not properly manage memory when reading initial bytes of ORF header. A remote attacke...
Ubuntu 20.04 ESM / 22.04 LTS / 23.04 : FRR vulnerabilities (USN-6436-1)
The remote Ubuntu 20.04 ESM / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6436-1 advisory. It was discovered that the FRR did not properly check the attribute length in NLRI. A remote attacker could possibly use this issue t...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Quagga vulnerabilities (USN-6432-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6432-1 advisory. It was discovered that the Quagga BGP daemon did not properly check the attribute length in NLRI. A remote attacker could possibl...
Important: Red Hat Security Advisory: frr security update
An update for frr is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
frr: Incorrect handling of an error in parsing of an invalid section of a BGP update can de-peer a router
A vulnerability was found in FRRouting FRR. This flaw allows a remote attacker to cause a denial of service issue via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation)...
Important: Red Hat Security Advisory: frr security update
An update for frr is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impa...
Important: Red Hat Security Advisory: frr security update
An update for frr is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...
CBL Mariner 2.0 Security Update: frr (CVE-2023-38802)
The version of frr installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-38802 advisory. - FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service vi...
SUSE SLES15: libfpm_pb0 / libospf0 / libospfapiclient0 / libquagga_pb0 / etc (SUSE-SU-2023:3836-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3836-1 advisory. - CVE-2023-38802: Fixed bad length handling in BGP attribute handling (bsc#1213284). - CVE-2023-41358: Fixed possible crash when...
CBL Mariner 2.0 Security Update: frr (CVE-2023-41358)
The version of frr installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-41358 advisory. - An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length ...
SUSE SLES15: libfpm_pb0 / libospf0 / libospfapiclient0 / libquagga_pb0 / etc (SUSE-SU-2023:3839-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3839-1 advisory. - CVE-2023-38802: Fixed bad length handling in BGP attribute handling (bsc#1213284). - CVE-2023-41358: Fixed possible...
SUSE SLES12: libospf0 / libospfapiclient0 / libquagga_pb0 / libzebra1 / quagga / etc (SUSE-SU-2023:3793-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3793-1 advisory. - CVE-2023-38802: Fixed bad length handling in BGP attribute handling (bsc#1213284). - CVE-2023-41358: Fixed possible crash when...
SUSE SLES15: frr / frr-devel / libfrr0 / libfrr_pb0 / libfrrcares0 / etc (SUSE-SU-2023:3762-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3762-1 advisory. - CVE-2023-38802: Fixed bad length handling when processing BGP attributes (bsc#1213284). - CVE-2023-41358: Fixed a...
AlmaLinux 9 : frr (ALSA-2023:5194)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5194 advisory. - FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute ...
AlmaLinux 8 : frr (ALSA-2023:5219)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5219 advisory. - FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute ...