838 matches found
CVE-2023-41358
FRR CVE-2023-41358 affects the BGP daemon (bgpd) where bgp_packet.c processes NLRIs when the attribute length is zero, enabling potential DoS by malformed BGP data. Affected product: FRRouting FRR. Root cause: zero-length attribute handling in BGP NLRI processing. Impact: denial of service (crash...
CVE-2023-41361
An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version...
CVE-2023-41361
CVE-2023-41361 affects FRRouting FRR 9.0; the bgpd/bgp_open.c path does not check for an overly large rcv software version length, enabling a potential issue. The NVD/NIST entry confirms a critical impact (C:H/I:H/A:H). Debian/DEB LTS advisories indicate a fixed package is available in Debian; en...
CVE-2023-41360
CVE-2023-41360 – FRRouting FRR ahead-of-stream read of ORF header. The connected Nessus advisory for MiracleLinux 9 (FRR 8.x line) documents an issue in bgpd/bgp_packet.c where the initial byte of the ORF header can be read in an ahead-of-stream situation, affecting FRR releases up to 9.0. The C...
CVE-2023-41361
An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version...
FRRouting FRR Security Vulnerability
FRRouting FRR is a suite of software that implements and manages various IPv4 and IPv6 routing protocols. A security vulnerability exists in FRRouting FRR version 9.0 and earlier versions, which stems from the fact that the length of the rcv software version is not checked for excessive length...
CVE-2023-38802
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 Tunnel Encapsulation...
PT-2023-5089 · Pica8 +10 · Pica8 Picos +10
Name of the Vulnerable Software and Affected Versions: FRRouting FRR versions 7.5.1 through 9.0; Pica8 PICOS version 4.3.3.2; PAN-OS (affected versions not specified). Description: The issue is related to errors in processing input data, allowing a remote attacker to cause a denial of service by sendi...
PT-2023-9204 · Unknown +7 · Frrouting Frr +7
Name of the Vulnerable Software and Affected Versions: FRRouting FRR through 9.0. Description: An issue was discovered in FRRouting FRR, where the file bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. This may allow a remote attacker to disclose...
CVE-2023-3748
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...
CVE-2023-3748
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...
CVE-2023-3748
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...
Design/Logic Flaw
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...
CVE-2023-3748
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...
CVE-2023-3748 Infinite loop in babeld message parsing may cause DoS
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...
CVE-2023-3748
CVE-2023-3748 affects FRRouting (FRR) where parsing of certain babeld unicast hello messages that are intended to be ignored can be abused by sending crafted Hello messages with the unicast flag set, the interval field as 0, or a TLV containing a sub‑TLV with the Mandatory flag. This can enter an...
CVE-2023-3748 Infinite loop in babeld message parsing may cause DoS
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...
USN-6240-1: FRR vulnerability
It was discovered that FRR incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service...
Ubuntu 23.04 : FRR vulnerability (USN-6240-1)
The remote Ubuntu 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6240-1 advisory. It was discovered that FRR incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. Tenable has extracted the...
CVE-2023-3748
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...