CVE-2023-46753 – frr: crafted BGP UPDATE message leading to a crash
https://notcve.org/view.php?id=CVE-2023-46753
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute. Se descubrió un problema en FRRouting FRR hasta la versión 9.0.1. Puede ocurrir una falla para un mensaje de ACTUALIZACIÓN BGP manipulado sin atributos obligatorios, por ejemplo, uno con solo un atributo de tránsito desconocido. A flaw was found in FRRouting. • https://github.com/FRRouting/frr/pull/14645/commits/d8482bf011cb2b173e85b65b4bf3d5061250cdb9 https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html https://access.redhat.com/security/cve/CVE-2023-46753 https://bugzilla.redhat.com/show_bug.cgi?id=2246381 • CWE-400: Uncontrolled Resource Consumption CWE-863: Incorrect Authorization •
CVE-2023-41909 – frr: NULL pointer dereference in bgp_nlri_parse_flowspec() in bgpd/bgp_flowspec.c
https://notcve.org/view.php?id=CVE-2023-41909
An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference. Se descubrió un problema en FRRouting FRR hasta 9.0. bgp_nlri_parse_flowspec en bgpd/bgp_flowspec.c. Procesa solicitudes con formato incorrecto sin atributos, conllevando una desreferencia de puntero NULL. A flaw was found in frr. Processing a malformed request with no attributes may cause a NULL pointer dereference, resulting in a denial of service. • https://github.com/FRRouting/frr/pull/13222/commits/cfd04dcb3e689754a72507d086ba3b9709fc5ed8 https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4 https://access.redhat • CWE-476: NULL Pointer Dereference •
CVE-2023-41359 – frr: out of bounds read in bgp_attr_aigp_valid
https://notcve.org/view.php?id=CVE-2023-41359
An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation. Se descubrió un problema en FRRouting FRR hasta 9.0. Hay una lectura fuera de límites en bgp_attr_aigp_valid en bgpd/bgp_attr.c porque no se verifica la disponibilidad de dos bytes durante la validación AIGP. A flaw was found in FRRouting that involves a heap-based buffer overflow in the bgp_attr_aigp_valid() function within bgpd/bgp_attr.c. • https://github.com/FRRouting/frr/pull/14232 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4 https://access.redhat.com/security/cve/CVE-2023-41359 https://bugzilla.redhat.com/show_bug.cgi?id=2235840 • CWE-125: Out-of-bounds Read •
CVE-2023-41360 – frr: ahead-of-stream read of ORF header
https://notcve.org/view.php?id=CVE-2023-41360
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. Se descubrió un problema en FRRouting FRR hasta 9.0. bgp/bgp_packet.c puede leer el byte inicial del encabezado ORF en una situación de avance de la transmisión. An out-of-bounds read flaw was found in FRRouting in bgpd/bgp_packet.c, resulting from a boundary condition. This flaw allows a remote attacker, through specially crafted input, to read the initial byte of the ORF header in an ahead-of-stream scenario. This attacker can gain information and potentially launch further attacks against the affected system. • https://github.com/FRRouting/frr/pull/14245 https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4 https://access.redhat.com/security/cve/CVE-2023-41360 • CWE-125: Out-of-bounds Read •
CVE-2023-41361
https://notcve.org/view.php?id=CVE-2023-41361
An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. Se ha descubierto un problema en FRRouting FRR v9.0. "bgpd/bgp_open.c" no comprueba una longitud excesiva de la versión de software rcv. • https://github.com/FRRouting/frr/pull/14241 https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •