frr: ahead-of-stream read of ORF header

An out-of-bounds read flaw was found in FRRouting in bgpd/bgppacket.c, resulting from a boundary condition. This flaw allows a remote attacker, through specially crafted input, to read the initial byte of the ORF header in an ahead-of-stream scenario. This attacker can gain information and...

CLSA-2023-1697817200 quagga: Fix of 2 CVEs

CVE-2023-41360: don't read the first byte of ORF header if we are ahead of stream - CVE-2023-41358: do not process NLRIs if the attribute length is zero...

CLSA-2023-1697816189 Fix CVE(s): CVE-2023-41360, CVE-2023-41358

SECURITY UPDATE: bgpd/bgppacket.c can read the initial byte of the ORF header in an ahead-of-stream situation - debian/patches/CVE-2023-41360.patch: don't read the first byte of ORF header if we are ahead of stream. - CVE-2023-41360 SECURITY UPDATE: bgpd/bgppacket.c processes NLRIs if the attribu...

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.

...

SUSE CVE-2023-41360

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgppacket.c can read the initial byte of the ORF header in an ahead-of-stream situation...

CVE-2023-41360

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgppacket.c can read the initial byte of the ORF header in an ahead-of-stream situation...

DEBIAN-CVE-2023-41360

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgppacket.c can read the initial byte of the ORF header in an ahead-of-stream situation...

AZL-28617 CVE-2023-41360 affecting package frr for versions less than 8.5.3-2

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgppacket.c can read the initial byte of the ORF header in an ahead-of-stream situation...

UBUNTU-CVE-2023-41360

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgppacket.c can read the initial byte of the ORF header in an ahead-of-stream situation...

CVE-2023-41360

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgppacket.c can read the initial byte of the ORF header in an ahead-of-stream situation...

CVE-2023-41360

CVE-2023-41360 – FRRouting FRR ahead-of-stream read of ORF header . The connected Nessus advisory for MiracleLinux 9 (FRR 8.x line) documents an issue in bgpd/bgp_packet.c where the initial byte of the ORF header can be read in an ahead-of-stream situation, affecting FRR releases up to 9.0. The C...

PT-2023-9204 · Unknown +7 · Frrouting Frr +7

Name of the Vulnerable Software and Affected Versions: FRRouting FRR through 9.0 Description: An issue was discovered in FRRouting FRR, where the file bgpd/bgp packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. This may allow a remote attacker to disclose...