CVE-2023-40457

The BGP daemon in Extreme Networks ExtremeXOS aka EXOS 30.7.1.1 allows an attacker who is not on a directly connected network to cause a denial of service BGP session reset because of BGP attribute error mishandling for attribute 21 and 25. NOTE: the vendor disputes this because it is "evaluating...

CVE-2023-40457

Affected software: Extreme Networks ExtremeXOS (EXOS) 30.7.1.1 running BGP daemon. Issue: BGP UPDATE attribute error mishandling for path attributes 21 and 25 can allow a remote attacker (not necessarily on a directly connected network) to trigger a denial-of-service by resetting BGP sessions. Ve...

CVE-2023-40457

The BGP daemon in Extreme Networks ExtremeXOS aka EXOS 30.7.1.1 allows an attacker who is not on a directly connected network to cause a denial of service BGP session reset because of BGP attribute error mishandling for attribute 21 and 25. NOTE: the vendor disputes this because it is "evaluating...

Multiple BGP implementations are vulnerable to improperly formatted BGP updates

Overview Multiple BGP implementations have been identified as vulnerable to specially crafted Path Attributes of a BGP UPDATE. Instead of ignoring invalid updates they reset the underlying TCP connection for the BGP session and de-peer the router. This is undesirable because a session reset impac...

USN-6323-1: FRR vulnerability

Ben Cartwright-Cox discovered that FRR did not handle RFC 7606 attributes properly. A remote attacker could possibly use this to cause denial of service...

CVE-2019-5892

bgpd in FRRouting FRR aka Free Range Routing 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 not affecting Cumulus Linux or VyOS, when ENABLEBGPVNC is used for Virtual Network Control, allows remote attackers to cause a denial of service peering session flap via...

CVE-2019-5892

bgpd in FRRouting FRR aka Free Range Routing 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 not affecting Cumulus Linux or VyOS, when ENABLEBGPVNC is used for Virtual Network Control, allows remote attackers to cause a denial of service peering session flap via...

CVE-2019-5892

bgpd in FRRouting FRR aka Free Range Routing 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 not affecting Cumulus Linux or VyOS, when ENABLEBGPVNC is used for Virtual Network Control, allows remote attackers to cause a denial of service peering session flap via...

CVE-2019-5892

Vulnerability: CVE-2019-5892 affects FRRouting (FRR) bgpd in versions 2.x/3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2. Root cause: ENABLE_BGP_VNC handling for Virtual Network Control does not implement RFC 7606, causing BGP UPDATE packets with attribute 255 to be tr...