Search CVE reports

Toggle filters

11 – 20 of 57 results

CVE-2023-46753

Medium priority

Some fixes available 8 of 10

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.

2 affected packages

frr, quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
frr Fixed Fixed Fixed Ignored
quagga Not in release Not in release Fixed Needs evaluation
Show less packages

CVE-2023-46752

Medium priority
Fixed

An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.

2 affected packages

frr, quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
frr Fixed Fixed Fixed Ignored
quagga Not in release Not in release Not affected Not affected
Show less packages

CVE-2023-41909

Medium priority
Fixed

An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.

2 affected packages

frr, quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
frr Not affected Fixed Fixed Ignored
quagga Not in release Not in release Not affected Not affected
Show less packages

CVE-2023-41361

Medium priority
Not affected

An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.

2 affected packages

frr, quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
frr Not affected Not affected Ignored
quagga Not in release Not affected Not affected
Show less packages

CVE-2023-41360

Low priority
Fixed

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.

2 affected packages

frr, quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
frr Not affected Fixed Fixed Ignored
quagga Not in release Not in release Fixed Fixed
Show less packages

CVE-2023-41359

Medium priority
Not affected

An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.

2 affected packages

frr, quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
frr Not affected Not affected Ignored
quagga Not in release Not affected Not affected
Show less packages

CVE-2023-41358

Medium priority
Fixed

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.

2 affected packages

frr, quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
frr Not affected Fixed Fixed Ignored
quagga Not in release Not in release Fixed Fixed
Show less packages

CVE-2023-38802

Medium priority
Fixed

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).

2 affected packages

frr, quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
frr Not affected Fixed Fixed Not in release
quagga Not in release Not in release Not affected Not affected
Show less packages

CVE-2023-38407

Medium priority
Fixed

bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.

2 affected packages

frr, quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
frr Fixed Fixed Fixed Ignored
quagga Not in release Not in release Not affected Not affected
Show less packages

CVE-2023-38406

Medium priority
Fixed

bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."

2 affected packages

frr, quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
frr Not affected Fixed Fixed Ignored
quagga Not in release Not in release Not affected Not affected
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON