CVE search results

11 – 20 of 34 results

Detailed view

Sort by:

CVE-2023-47234

Medium priority

Fixed

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).

2 affected packages

frr, quagga

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
frr	Fixed	Fixed	Fixed	Ignored
quagga	Not in release	Not in release	Not affected	Not affected

CVE-2023-46753

Medium priority

Some fixes available 7 of 9

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.

2 affected packages

frr, quagga

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
frr	Fixed	Fixed	Fixed	Ignored
quagga	Not in release	Not in release	Fixed	Needs evaluation

CVE-2023-46752

Medium priority

Fixed

An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.

2 affected packages

frr, quagga

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
frr	Fixed	Fixed	Fixed	Ignored
quagga	Not in release	Not in release	Not affected	Not affected

CVE-2023-41909

Medium priority

Fixed

An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.

2 affected packages

frr, quagga

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
frr	Not affected	Fixed	Fixed	Ignored
quagga	Not in release	Not in release	Not affected	Not affected

CVE-2023-41361

Medium priority

Not affected

An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.

2 affected packages

frr, quagga

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
frr	—	Not affected	Not affected	Ignored
quagga	—	Not in release	Not affected	Not affected

CVE-2023-41360

Low priority

Fixed

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.

2 affected packages

frr, quagga

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
frr	Not affected	Fixed	Fixed	Ignored
quagga	Not in release	Not in release	Fixed	Fixed

CVE-2023-41359

Medium priority

Not affected

An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.

2 affected packages

frr, quagga

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
frr	—	Not affected	Not affected	Ignored
quagga	—	Not in release	Not affected	Not affected

CVE-2023-41358

Medium priority

Fixed

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.

2 affected packages

frr, quagga

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
frr	Not affected	Fixed	Fixed	Ignored
quagga	Not in release	Not in release	Fixed	Fixed

CVE-2023-38802

Medium priority

Fixed

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).

2 affected packages

frr, quagga

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
frr	Not affected	Fixed	Fixed	Not in release
quagga	Not in release	Not in release	Not affected	Not affected

CVE-2023-3748

Medium priority

Some fixes available 1 of 2

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval...

1 affected package

frr

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
frr	—	Not affected	Not affected	Ignored

Export to JSON

Results by page:

Search CVE reports