Search CVE reports
11 – 20 of 34 results
CVE-2023-47234
Medium priorityAn issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).
2 affected packages
frr, quagga
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| frr | Fixed | Fixed | Fixed | Ignored | Ignored |
| quagga | Not in release | Not in release | Not affected | Not affected | Not affected |
CVE-2023-46753
Medium prioritySome fixes available 6 of 8
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.
2 affected packages
frr, quagga
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| frr | Fixed | Fixed | Fixed | Ignored | Ignored |
| quagga | Not in release | Not in release | Fixed | Needs evaluation | Needs evaluation |
CVE-2023-46752
Medium priorityAn issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.
2 affected packages
frr, quagga
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| frr | Fixed | Fixed | Fixed | Ignored | Ignored |
| quagga | Not in release | Not in release | Not affected | Not affected | Not affected |
CVE-2023-41909
Medium priorityAn issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.
2 affected packages
frr, quagga
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| frr | Not affected | Fixed | Fixed | Ignored | Ignored |
| quagga | Not in release | Not in release | Not affected | Not affected | Not affected |
CVE-2023-41361
Medium priorityAn issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
2 affected packages
frr, quagga
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| frr | — | Not affected | Not affected | Ignored | Ignored |
| quagga | — | Not in release | Not affected | Not affected | Not affected |
CVE-2023-41360
Low priorityAn issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.
2 affected packages
frr, quagga
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| frr | Not affected | Fixed | Fixed | Ignored | Ignored |
| quagga | Not in release | Not in release | Fixed | Fixed | Fixed |
CVE-2023-41359
Medium priorityAn issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.
2 affected packages
frr, quagga
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| frr | — | Not affected | Not affected | Ignored | Ignored |
| quagga | — | Not in release | Not affected | Not affected | Not affected |
CVE-2023-41358
Medium priorityAn issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.
2 affected packages
frr, quagga
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| frr | Not affected | Fixed | Fixed | Ignored | Ignored |
| quagga | Not in release | Not in release | Fixed | Fixed | Fixed |
CVE-2023-38802
Medium priorityFRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).
2 affected packages
frr, quagga
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| frr | Not affected | Fixed | Fixed | Not in release | Not in release |
| quagga | Not in release | Not in release | Not affected | Not affected | Not affected |
CVE-2023-3748
Medium prioritySome fixes available 1 of 2
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval...
1 affected packages
frr
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| frr | — | Not affected | Not affected | Ignored | Ignored |