20 matches found
MiracleLinux 9 : frr-8.5.3-4.el9 (AXSA:2024-7889:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7889:04 advisory. frr: incorrect length check in bgp_capability_llgr can lead to DoS CVE-2023-31489 frr: missing length check in bgp_attr_psid_sub can lead to DoS...
frr: ahead-of-stream read of ORF header
An out-of-bounds read flaw was found in FRRouting in bgpd/bgp_packet.c, resulting from a boundary condition. This flaw allows a remote attacker, through specially crafted input, to read the initial byte of the ORF header in an ahead-of-stream scenario. This attacker can gain information and...
CLSA-2023-1697817694 quagga: Fix of 2 CVEs
CVE-2023-41360: don't read the first byte of ORF header if we are ahead of stream - CVE-2023-41358: do not process NLRIs if the attribute length is zero...
CLSA-2023-1697817200 quagga: Fix of 2 CVEs
CVE-2023-41360: don't read the first byte of ORF header if we are ahead of stream - CVE-2023-41358: do not process NLRIs if the attribute length is zero...
CLSA-2023-1697816189 Fix CVE(s): CVE-2023-41360, CVE-2023-41358
SECURITY UPDATE: bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation - debian/patches/CVE-2023-41360.patch: don't read the first byte of ORF header if we are ahead of stream. - CVE-2023-41360 SECURITY UPDATE: bgpd/bgp_packet.c processes NLRIs if the attribu...
USN-6436-1: FRR vulnerabilities
It was discovered that the FRR did not properly check the attribute length in NLRI. A remote attacker could possibly use this issue to cause a denial of service. CVE-2023-41358 It was discovered that the FRR did not properly manage memory when reading initial bytes of ORF header. A remote attacke...
USN-6436-1 frr vulnerabilities
It was discovered that the FRR did not properly check the attribute length in NLRI. A remote attacker could possibly use this issue to cause a denial of service. CVE-2023-41358 It was discovered that the FRR did not properly manage memory when reading initial bytes of ORF header. A remote attacke...
USN-6432-1 quagga vulnerabilities
It was discovered that the Quagga BGP daemon did not properly check the attribute length in NLRI. A remote attacker could possibly use this issue to cause a denial of service. CVE-2023-41358 It was discovered that the Quagga BGP daemon did not properly manage memory when reading initial bytes of...
USN-6432-1: Quagga vulnerabilities
It was discovered that the Quagga BGP daemon did not properly check the attribute length in NLRI. A remote attacker could possibly use this issue to cause a denial of service. CVE-2023-41358 It was discovered that the Quagga BGP daemon did not properly manage memory when reading initial bytes of...
SUSE CVE-2023-41360
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation...
AZL-28617 CVE-2023-41360 affecting package frr for versions less than 8.5.3-2
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation...
CVE-2023-41360
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation...
Design/Logic Flaw
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation...
CVE-2023-41360
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation...
FRRouting FRR Buffer Error Vulnerability
FRRouting FRR is a suite of software that implements and manages various IPv4 and IPv6 routing protocols. A security vulnerability exists in FRRouting FRR version 9.0 and earlier. An attacker can exploit the vulnerability to read the initial bytes of the ORF header...
CVE-2023-41360
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation...
CVE-2023-41360
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation...
CVE-2023-41360
CVE-2023-41360 – FRRouting FRR ahead-of-stream read of ORF header. The connected Nessus advisory for MiracleLinux 9 (FRR 8.x line) documents an issue in bgpd/bgp_packet.c where the initial byte of the ORF header can be read in an ahead-of-stream situation, affecting FRR releases up to 9.0. The C...
CVE-2023-41360
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation...
PT-2023-9204 · Unknown +7 · Frrouting Frr +7
Name of the Vulnerable Software and Affected Versions: FRRouting FRR through 9.0 Description: An issue was discovered in FRRouting FRR, where the file bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. This may allow a remote attacker to disclose...