4 matches found
CLSA-2023-1697817200 quagga: Fix of 2 CVEs
CVE-2023-41360: don't read the first byte of ORF header if we are ahead of stream - CVE-2023-41358: do not process NLRIs if the attribute length is zero...
CLSA-2023-1697816189 Fix CVE(s): CVE-2023-41360, CVE-2023-41358
SECURITY UPDATE: bgpd/bgppacket.c can read the initial byte of the ORF header in an ahead-of-stream situation - debian/patches/CVE-2023-41360.patch: don't read the first byte of ORF header if we are ahead of stream. - CVE-2023-41360 SECURITY UPDATE: bgpd/bgppacket.c processes NLRIs if the attribu...
SUSE SLES15: libfpm_pb0 / libospf0 / libospfapiclient0 / libquagga_pb0 / etc (SUSE-SU-2023:3839-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3839-1 advisory. - CVE-2023-38802: Fixed bad length handling in BGP attribute handling bsc1213284. - CVE-2023-41358: Fixed possible...
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.
...