CVSS: 9.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-41360 – frr: ahead-of-stream read of ORF header
https://notcve.org/view.php?id=CVE-2023-41360
29 Aug 2023 — An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. Se descubrió un problema en FRRouting FRR hasta 9.0. bgp/bgp_packet.c puede leer el byte inicial del encabezado ORF en una situación de avance de la transmisión. An out-of-bounds read flaw was found in FRRouting in bgpd/bgp_packet.c, resulting from a boundary condition. This flaw allows a remote attacker, through specially crafted input, to read the initial byt... • https://github.com/FRRouting/frr/pull/14245 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41361
https://notcve.org/view.php?id=CVE-2023-41361
29 Aug 2023 — An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. Se ha descubierto un problema en FRRouting FRR v9.0. "bgpd/bgp_open.c" no comprueba una longitud excesiva de la versión de software rcv. • https://github.com/FRRouting/frr/pull/14241 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3748 – Inifinite loop in babld message parsing may cause dos
https://notcve.org/view.php?id=CVE-2023-3748
24 Jul 2023 — A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service. It was discovered that FRR incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. • https://access.redhat.com/security/cve/CVE-2023-3748 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-40302 – frr: denial of service by crafting a BGP OPEN message with an option of type 0xff
https://notcve.org/view.php?id=CVE-2022-40302
03 May 2023 — An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. Se descubrió un problema en bgpd en FRRouting (FRR) a través de 8.4. Al crear un mensaje BGP OPEN con una opción de tipo 0... • https://github.com/FRRouting/frr/releases • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-40318 – frr: denial of service by crafting a BGP OPEN message with an option of type in bgp_open_option_parse in the bgp_open.c 0xff
https://notcve.org/view.php?id=CVE-2022-40318
03 May 2023 — An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack ... • https://github.com/FRRouting/frr/releases • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43681 – frr: out-of-bounds read exists in the BGP daemon of FRRouting
https://notcve.org/view.php?id=CVE-2022-43681
03 May 2023 — An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition. Existe una lectura fuera de los límites en el daemon BGP de FRRouting FRR hasta 8.4. Al enviar un mensaje BGP OPEN c... • https://forescout.com • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2022-36440 – frr: Reachable assertion in peek_for_as4_capability function
https://notcve.org/view.php?id=CVE-2022-36440
03 Apr 2023 — A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. Se encontró una afirmación accesible en Frrouting frr-bgpd 8.3.0 en la función peek_for_as4_capability. Los atacantes pueden construir maliciosamente paquetes abiertos BGP y enviarlos a pares BGP que ejecutan frr-bgpd, lo que resulta en DoS. A reachable assertion flaw was found in Frrouting frr... • https://github.com/spwpun/pocs • CWE-617: Reachable Assertion •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 2CVE-2022-37032 – frr: out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service
https://notcve.org/view.php?id=CVE-2022-37032
19 Sep 2022 — An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. Una lectura fuera de límites en el demonio BGP de FRRouting FRR versiones anteriores a 8.4, puede conllevar a un fallo de segmentación y una denegación de servicio. Esto ocurre en la función bgp_capability_msg_parse en el archivo bgpd/bgp_packet.c A vulnerability was found in FRRouting. This issue occurs in bgp_capability_ms... • https://github.com/spwpun/CVE-2022-37032 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 3%CPEs: 1EXPL: 2CVE-2022-37035 – Ubuntu Security Notice USN-5685-1
https://notcve.org/view.php?id=CVE-2022-37035
02 Aug 2022 — An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation. Se ha detectado un problema en bgpd en FRRouting (FRR) 8.3. • https://docs.google.com/document/d/1TqYEcZbFeDTMKe2N4XRFwyAjw_mynIHfvzwbx1fmJj8/edit?usp=sharing • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26129 – Ubuntu Security Notice USN-6807-1
https://notcve.org/view.php?id=CVE-2022-26129
03 Mar 2022 — Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c. Se presenta una vulnerabilidad de desbordamiento de búfer en FRRouting versiones hasta 8.1.0, debido a comprobaciones erróneas de la longitud de subtlv en las funciones, parse_hello_subtlv, parse_ihu_subtlv, y parse_update_subtlv en el archivo babeld/message.c It was discovered that FRR incorrectly handl... • https://github.com/FRRouting/frr/issues/10503 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •