838 matches found
CVE-2020-12831
CVE-2020-12831 affects FRRouting FRR up to 7.3.1. The issue arises when using the split-config feature: the init script creates an empty config file with world-readable permissions, enabling potential information leakage via tools/frr.in and tools/frrcommon.sh.in. Some sources label this as user ...
CVE-2020-12831
An issue was discovered in FRRouting FRR aka Free Range Routing through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some...
CVE-2020-12831
An issue was discovered in FRRouting FRR aka Free Range Routing through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some...
PT-2020-13279 · Frrouting +4 · Frrouting Frr +4
Name of the Vulnerable Software and Affected Versions: FRRouting FRR versions through 7.3.1 Description: An issue was discovered in FRRouting FRR when using the split-config feature. The init script creates an empty config file with world-readable default permissions, leading to a possible...
Important: libyang security update
The libyang package provides a library for YANG data modeling language. libyang is a YANG data modelling language parser and toolkit written and providing API in C. The library is used e.g. in libnetconf2, Netopeer2, sysrepo and FRRouting projects. Security Fixes: libyang: stack-based buffer...
CVE-2019-5892
bgpd in FRRouting FRR aka Free Range Routing 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 not affecting Cumulus Linux or VyOS, when ENABLEBGPVNC is used for Virtual Network Control, allows remote attackers to cause a denial of service peering session flap via...
CVE-2019-5892
bgpd in FRRouting FRR aka Free Range Routing 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 not affecting Cumulus Linux or VyOS, when ENABLEBGPVNC is used for Virtual Network Control, allows remote attackers to cause a denial of service peering session flap via...
Design/Logic Flaw
bgpd in FRRouting FRR aka Free Range Routing 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 not affecting Cumulus Linux or VyOS, when ENABLEBGPVNC is used for Virtual Network Control, allows remote attackers to cause a denial of service peering session flap via...
CVE-2019-5892
bgpd in FRRouting FRR aka Free Range Routing 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 not affecting Cumulus Linux or VyOS, when ENABLEBGPVNC is used for Virtual Network Control, allows remote attackers to cause a denial of service peering session flap via...
CVE-2019-5892
Vulnerability: CVE-2019-5892 affects FRRouting (FRR) bgpd in versions 2.x/3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2. Root cause: ENABLE_BGP_VNC handling for Virtual Network Control does not implement RFC 7606, causing BGP UPDATE packets with attribute 255 to be tr...
CVE-2019-5892
bgpd in FRRouting FRR aka Free Range Routing 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 not affecting Cumulus Linux or VyOS, when ENABLEBGPVNC is used for Virtual Network Control, allows remote attackers to cause a denial of service peering session flap via...
Design/Logic Flaw
bgpd in FRRouting FRR before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes...
CVE-2017-15865
bgpd in FRRouting FRR before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes...
CVE-2017-15865
bgpd in FRRouting FRR before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes...
CVE-2017-15865
CVE-2017-15865 affects FRR (bgpd) in FRRouting before 2.0.2 and in 3.x before 3.0.2, used in Cumulus Linux before 3.4.3. A malformed BGP UPDATE from a connected peer can trigger transmission of up to thousands of unintended bytes, causing information disclosure. The issue stems from mishandled at...
CVE-2017-15865
bgpd in FRRouting FRR before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes...
CVE-2017-15865
bgpd in FRRouting FRR before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes...
PT-2017-14247 · Cumulus +2 · Cumulus Linux +2
Name of the Vulnerable Software and Affected Versions: FRRouting FRR versions 2.0.2 and earlier, 3.x before 3.0.2 FRRouting FRR in Cumulus Linux before 3.4.3 Description: The issue allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer. Thi...