PT-2023-9206 · Frrouting +9 · Frrouting +9

Name of the Vulnerable Software and Affected Versions: FRRouting versions prior to 8.5 Description: The issue is related to the bgpd/bgp label.c file in FRRouting, which attempts to read beyond the end of the stream during labeled unicast parsing. This can be exploited by a remote attacker to cau...

US Border Protection Is Finally Able to Check E-Passport Data

After 16 years, the agency has implemented the software to cryptographically verify digital passport data—and it’s already caught a dozen alleged fraudsters...

SUSE CVE-2003-0432

Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the 1 BGP, 2 WTP, 3 DNS, 4 802.11, 5 ISAKMP, 6 WSP, 7 CLNP, 8 ISIS, and 9 RMI dissectors...

SUSE CVE-2005-1267

The bgpupdateprint function in tcpdump 3.x does not properly handle a -1 return value from the decodeprefix4 function, which allows remote attackers to cause a denial of service infinite loop via a crafted BGP packet...

SUSE CVE-2005-1279

tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service infinite loop via a crafted 1 BGP packet, which is not properly handled by RTROUTINGINFO, or 2 LDP packet, which is not properly handled by the ldpprint function...

SUSE CVE-2007-3798

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value...

SUSE CVE-2010-2948

Stack-based buffer overflow in the bgprouterefreshreceive function in bgppacket.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service daemon crash or possibly execute arbitrary code via a malformed Outbound Route Filtering ORF record in a BGP...

SUSE CVE-2010-2949

bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via an unknown AS type in an AS path attribute in a BGP UPDATE message...

SUSE CVE-2011-3327

Heap-based buffer overflow in the ecommunityecom2str function in bgpecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4...

SUSE CVE-2012-1820

The bgpcapabilityorf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service assertion failure and daemon exit by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering ORF capability TLV in an OPEN message...

SUSE CVE-2013-6051

The bgpattrunknown function in bgpattr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service bgpd crash via a crafted BGP update...

SUSE CVE-2016-9933

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library aka libgd before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service segmentation violation via a crafted imagefilltoborder call that...

SUSE CVE-2017-13046

The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgpattrprint...

SUSE CVE-2017-13053

The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decodertroutinginfo...

SUSE CVE-2017-16227

The aspathput function in bgpd/bgpaspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service session drop via BGP UPDATE messages, because ASPATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message...

SUSE CVE-2018-5380

The Quagga BGP daemon bgpd prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input...

SUSE CVE-2018-5381

The Quagga BGP daemon bgpd prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgppacket.c:bgpcapabilitymsgparse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI,...

SUSE CVE-2018-14467

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgpcapabilitiesprint BGPCAPCODEMP...

SUSE CVE-2018-16230

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgpattrprint MPREACHNLRI...

SUSE CVE-2020-36278

Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c...