RHEL 9 : frr (RHSA-2024:1093)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1093 advisory. FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR,...

AlmaLinux 9 : frr (ALSA-2024:0477)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0477 advisory. - bgpd/bgpflowspec.c in FRRouting FRR before 8.4.3 mishandles an nlri length of zero, aka a flowspec overflow. CVE-2023-38406 - bgpd/bgplabel.c in FRRouti...

CVE-2023-38407

bgpd/bgplabel.c in FRRouting FRR before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing...

CVE-2023-38407

CVE-2023-38407 affects FRRouting (FRR): in bgpd/bgp_label.c, FRR before 8.5 may read beyond the end of the stream while parsing labeled unicast. Multiple Nessus-based advisories reference this exact issue in FRR, with fixes applied in FRR 8.5+ (e.g., as part of downstream advisories for MiracleLi...