11 matches found
Denial Of Service (DoS)
FRRouting/frr is vulnerable to Denial of Service DoS. This vulnerability occurs due to improper handling of the Prefix SID attribute in the bgpattrmalformed function within bgpattr.c, leading to a crash of the bgpd daemon...
CVE-2023-47235
An issue was found in FRRouting FRR, where a crash may occur when processing a malformed BGP UPDATE message with an EOR. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and...
CVE-2023-41361
An issue was discovered in FRRouting FRR 9.0. bgpd/bgpopen.c does not check for an overly large length of the rcv software version...
Oracle Linux 9 : frr (ELSA-2023-2202)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2202 advisory. 8.3.1-5 - Resolves: 2147522 - It is not possible to run FRR as a non-root user 8.3.1-4 - Resolves: 2144500 - AVC error when reloading FRR with provided reload...
Fedora 37 : frr (2023-2cb0f34efe)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-2cb0f34efe advisory. New version 8.5 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
Authentication flaw
A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peekforas4capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS...
CVE-2022-36440
A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peekforas4capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS...
ALSA-2022:8112 Moderate: frr security, bug fix, and enhancement update
FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. The following packages have been upgraded to a later upstream version: frr 8.2.2. BZ2069563 Security Fixes: frrouting: overflow bugs in...
CVE-2022-37032
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgpcapabilitymsgparse in bgpd/bgppacket.c...
FRRouting FRR Information Disclosure Vulnerability
FRRouting FRR is a set of software that implements and manages various IPV4 and IPV6 routing protocols. A security vulnerability exists in the split-config feature in FRRouting FRR 7.3.1 and prior versions, which stems from the fact that when the split-config feature is used, the init script...
CVE-2019-5892
bgpd in FRRouting FRR aka Free Range Routing 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 not affecting Cumulus Linux or VyOS, when ENABLEBGPVNC is used for Virtual Network Control, allows remote attackers to cause a denial of service peering session flap via...