
838 matches found

CVE
added 2023/08/29 12:00 a.m. | 243 views

CVE-2023-41358

FRR CVE-2023-41358 affects the BGP daemon (bgpd) where bgp_packet.c processes NLRIs when the attribute length is zero, enabling potential DoS by malformed BGP data. Affected product: FRRouting FRR. Root cause: zero-length attribute handling in BGP NLRI processing. Impact: denial of service (crash...

7.5 CVSS | 8.1 AI score | 0.01058 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Vulnrichment
added 2023/08/29 12:00 a.m. | 15 views

CVE-2023-41361

An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version...

6.8 AI score | 0.00773 EPSS
Exploits: 0 | References: 2

CVE
added 2023/08/29 12:00 a.m. | 151 views

CVE-2023-41361

CVE-2023-41361 affects FRRouting FRR 9.0; the bgpd/bgp_open.c path does not check for an overly large rcv software version length, enabling a potential issue. The NVD/NIST entry confirms a critical impact (C:H/I:H/A:H). Debian/DEB LTS advisories indicate a fixed package is available in Debian; en...

9.8 CVSS | 9.3 AI score | 0.00773 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2023/08/29 12:00 a.m. | 170 views

CVE-2023-41360

CVE-2023-41360 – FRRouting FRR ahead-of-stream read of ORF header. The connected Nessus advisory for MiracleLinux 9 (FRR 8.x line) documents an issue in bgpd/bgp_packet.c where the initial byte of the ORF header can be read in an ahead-of-stream situation, affecting FRR releases up to 9.0. The C...

9.1 CVSS | 8.8 AI score | 0.0096 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2023/08/29 12:00 a.m. | 36 views

CVE-2023-41361

An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version...

9.7 AI score | 0.00773 EPSS
Exploits: 0 | References: 2

CNNVD
added 2023/08/29 12:00 a.m. | 4 views

FRRouting FRR security vulnerability

FRRouting FRR is a suite of software that implements and manages various IPv4 and IPv6 routing protocols. A security vulnerability exists in FRRouting FRR version 9.0 and earlier versions, which stems from the fact that the length of the rcv software version is not checked for excessive length...

9.8 CVSS | 7.5 AI score | 0.00773 EPSS
Exploits: 0 | References: 5

UbuntuCve
added 2023/08/28 12:00 a.m. | 30 views

CVE-2023-38802

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 Tunnel Encapsulation...

7.5 CVSS | 7.2 AI score | 0.01437 EPSS
Exploits: 1 | References: 6

Positive Technologies
added 2023/08/28 12:00 a.m. | 4 views

PT-2023-5089 · Pica8 +10 · Pica8 Picos +10

Name of the Vulnerable Software and Affected Versions: FRRouting FRR versions 7.5.1 through 9.0; Pica8 PICOS version 4.3.3.2; PAN-OS (affected versions not specified). Description: The issue is related to errors in processing input data, allowing a remote attacker to cause a denial of service by sendi...

9.8 CVSS | 6.6 AI score | 0.02152 EPSS
Exploits: 10 | References: 207

Positive Technologies
added 2023/08/28 12:00 a.m. | 3 views

PT-2023-9204 · Unknown +7 · Frrouting Frr +7

Name of the Vulnerable Software and Affected Versions: FRRouting FRR through 9.0. Description: An issue was discovered in FRRouting FRR, where the file bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. This may allow a remote attacker to disclose...

9.8 CVSS | 6.8 AI score | 0.02152 EPSS
Exploits: 4 | References: 167

ATTACKERKB
added 2023/07/24 4:15 p.m. | 4 views

CVE-2023-3748

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...

7.5 CVSS | 5.7 AI score | 0.00662 EPSS
Exploits: 0 | References: 3

NVD
added 2023/07/24 4:15 p.m. | 16 views

CVE-2023-3748

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...

7.5 CVSS | 5.3 AI score | 0.00662 EPSS
Exploits: 0 | References: 2

OSV
added 2023/07/24 4:15 p.m. | 20 views

CVE-2023-3748

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...

7.5 CVSS | 6.9 AI score | 0.00662 EPSS
Exploits: 0 | References: 2

Prion
added 2023/07/24 4:15 p.m. | 12 views

Design/Logic Flaw

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...

5 CVSS | 7.2 AI score | 0.00662 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2023/07/24 3:19 p.m. | 19 views

CVE-2023-3748

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...

7.5 CVSS | 5.5 AI score | 0.00662 EPSS
Exploits: 0

Cvelist
added 2023/07/24 3:19 p.m. | 33 views

CVE-2023-3748 Infinite loop in babeld message parsing may cause DoS

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...

3.5 CVSS | 7.6 AI score | 0.00662 EPSS
Exploits: 0 | References: 2

CVE
added 2023/07/24 3:19 p.m. | 76 views

CVE-2023-3748

CVE-2023-3748 affects FRRouting (FRR) where parsing of certain babeld unicast hello messages that are intended to be ignored can be abused by sending crafted Hello messages with the unicast flag set, the interval field as 0, or a TLV containing a sub‑TLV with the Mandatory flag. This can enter an...

7.5 CVSS | 5.2 AI score | 0.00662 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/07/24 3:19 p.m. | 14 views

CVE-2023-3748 Infinite loop in babeld message parsing may cause DoS

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...

3.5 CVSS | 6.5 AI score | 0.00662 EPSS
Exploits: 0 | References: 2

Ubuntu
added 2023/07/24 1:17 p.m. | 44 views

USN-6240-1: FRR vulnerability

It was discovered that FRR incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service...

7.5 CVSS | 6.5 AI score | 0.00662 EPSS
Exploits: 0

Tenable Nessus
added 2023/07/24 12:00 a.m. | 23 views

Ubuntu 23.04 : FRR vulnerability (USN-6240-1)

The remote Ubuntu 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6240-1 advisory. It was discovered that FRR incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. Tenable has extracted the...

7.5 CVSS | 6.4 AI score | 0.00662 EPSS
Exploits: 0 | References: 2

UbuntuCve
added 2023/07/19 12:00 a.m. | 25 views

CVE-2023-3748

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory...

7.5 CVSS | 6.6 AI score | 0.00662 EPSS
Exploits: 0 | References: 3