Page 4 of 26 results (0.008 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition. Existe una lectura fuera de los límites en el daemon BGP de FRRouting FRR hasta 8.4. Al enviar un mensaje BGP OPEN con formato incorrecto que termina con el octeto de longitud de la opción (o la palabra de longitud de la opción, en el caso de un mensaje OPEN extendido), el código FRR se lee fuera de los límites del paquete, lanzando una señal SIGABRT y saliendo. • https://forescout.com https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html https://www.debian.org/security/2023/dsa-5495 https://access.redhat.com/security/cve/CVE-2022-43681 https://bugzilla.redhat.com/show_bug.cgi?id=2196088 • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1

A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. Se encontró una afirmación accesible en Frrouting frr-bgpd 8.3.0 en la función peek_for_as4_capability. Los atacantes pueden construir maliciosamente paquetes abiertos BGP y enviarlos a pares BGP que ejecutan frr-bgpd, lo que resulta en DoS. A reachable assertion flaw was found in Frrouting frr-bgpd in the peek_for_as4_capability function. • https://github.com/spwpun/pocs https://github.com/spwpun/pocs/blob/main/frr-bgpd.md https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HU4PKLUVB5CTMOVQ2GV33TNUNMJCBGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBXEXL2ZQBWCBLNUP6P67FHECXQWSK3L https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GM66PNHGCXZU66LQCTP2FSJLFF6CVMSI https:&#x • CWE-617: Reachable Assertion •

CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 2

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. Una lectura fuera de límites en el demonio BGP de FRRouting FRR versiones anteriores a 8.4, puede conllevar a un fallo de segmentación y una denegación de servicio. Esto ocurre en la función bgp_capability_msg_parse en el archivo bgpd/bgp_packet.c A vulnerability was found in FRRouting. This issue occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. • https://github.com/spwpun/CVE-2022-37032 https://bugzilla.suse.com/show_bug.cgi?id=1202023 https://github.com/FRRouting/frr/commit/6d58272b4cf96f0daa846210dd2104877900f921 https://github.com/FRRouting/frr/commit/ff6db1027f8f36df657ff2e5ea167773752537ed https://lists.debian.org/debian-lts-announce/2022/11/msg00039.html https://www.debian.org/security/2023/dsa-5362 https://access.redhat.com/security/cve/CVE-2022-37032 https://bugzilla.redhat.com/show_bug.cgi?id=2128713 • CWE-125: Out-of-bounds Read •

CVSS: 8.1EPSS: 2%CPEs: 1EXPL: 2

An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation. Se ha detectado un problema en bgpd en FRRouting (FRR) 8.3. • https://docs.google.com/document/d/1TqYEcZbFeDTMKe2N4XRFwyAjw_mynIHfvzwbx1fmJj8/edit?usp=sharing https://github.com/FRRouting/frr/issues/11698 https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c. Se presenta una vulnerabilidad de desbordamiento de búfer en FRRouting versiones hasta 8.1.0, debido a comprobaciones erróneas de la longitud de subtlv en las funciones, parse_hello_subtlv, parse_ihu_subtlv, y parse_update_subtlv en el archivo babeld/message.c • https://github.com/FRRouting/frr/issues/10503 https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •