CVSS: 9.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-41360 – frr: ahead-of-stream read of ORF header
https://notcve.org/view.php?id=CVE-2023-41360
29 Aug 2023 — An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. Se descubrió un problema en FRRouting FRR hasta 9.0. bgp/bgp_packet.c puede leer el byte inicial del encabezado ORF en una situación de avance de la transmisión. An out-of-bounds read flaw was found in FRRouting in bgpd/bgp_packet.c, resulting from a boundary condition. This flaw allows a remote attacker, through specially crafted input, to read the initial byt... • https://github.com/FRRouting/frr/pull/14245 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41361
https://notcve.org/view.php?id=CVE-2023-41361
29 Aug 2023 — An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. Se ha descubierto un problema en FRRouting FRR v9.0. "bgpd/bgp_open.c" no comprueba una longitud excesiva de la versión de software rcv. • https://github.com/FRRouting/frr/pull/14241 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3748 – Inifinite loop in babld message parsing may cause dos
https://notcve.org/view.php?id=CVE-2023-3748
24 Jul 2023 — A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service. It was discovered that FRR incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. • https://access.redhat.com/security/cve/CVE-2023-3748 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-31489 – frr: incorrect length check in bgp_capability_llgr() can lead do DoS
https://notcve.org/view.php?id=CVE-2023-31489
09 May 2023 — An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function. A flaw was found in frr that may allow a remote attacker to cause a denial of service via the bgp_capability_llgr function. It was discovered that FRR incorrectly handled parsing certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. This issue only affected Ubuntu 23.04. • https://github.com/FRRouting/frr/issues/13098 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 2%CPEs: 7EXPL: 1CVE-2023-31490 – frr: missing length check in bgp_attr_psid_sub() can lead do DoS
https://notcve.org/view.php?id=CVE-2023-31490
09 May 2023 — An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. Un problema encontrado en Frrouting bgpd v.8.4.2 permite a un atacante remoto causar una denegación de servicio a través de la función bgp_attr_psid_sub(). A flaw was found in frr that may allow a remote attacker to cause a denial of service via the bgp_attr_psid_sub function. It was discovered that FRR incorrectly handled parsing certain BGP messages. A remote attacker could ... • https://github.com/FRRouting/frr/issues/13099 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-40302 – frr: denial of service by crafting a BGP OPEN message with an option of type 0xff
https://notcve.org/view.php?id=CVE-2022-40302
03 May 2023 — An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. Se descubrió un problema en bgpd en FRRouting (FRR) a través de 8.4. Al crear un mensaje BGP OPEN con una opción de tipo 0... • https://github.com/FRRouting/frr/releases • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-40318 – frr: denial of service by crafting a BGP OPEN message with an option of type in bgp_open_option_parse in the bgp_open.c 0xff
https://notcve.org/view.php?id=CVE-2022-40318
03 May 2023 — An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack ... • https://github.com/FRRouting/frr/releases • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43681 – frr: out-of-bounds read exists in the BGP daemon of FRRouting
https://notcve.org/view.php?id=CVE-2022-43681
03 May 2023 — An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition. Existe una lectura fuera de los límites en el daemon BGP de FRRouting FRR hasta 8.4. Al enviar un mensaje BGP OPEN c... • https://forescout.com • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2022-36440 – frr: Reachable assertion in peek_for_as4_capability function
https://notcve.org/view.php?id=CVE-2022-36440
03 Apr 2023 — A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. Se encontró una afirmación accesible en Frrouting frr-bgpd 8.3.0 en la función peek_for_as4_capability. Los atacantes pueden construir maliciosamente paquetes abiertos BGP y enviarlos a pares BGP que ejecutan frr-bgpd, lo que resulta en DoS. A reachable assertion flaw was found in Frrouting frr... • https://github.com/spwpun/pocs • CWE-617: Reachable Assertion •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 2CVE-2022-37032 – frr: out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service
https://notcve.org/view.php?id=CVE-2022-37032
19 Sep 2022 — An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. Una lectura fuera de límites en el demonio BGP de FRRouting FRR versiones anteriores a 8.4, puede conllevar a un fallo de segmentación y una denegación de servicio. Esto ocurre en la función bgp_capability_msg_parse en el archivo bgpd/bgp_packet.c A vulnerability was found in FRRouting. This issue occurs in bgp_capability_ms... • https://github.com/spwpun/CVE-2022-37032 • CWE-125: Out-of-bounds Read •