
CVE-2024-44070 – Ubuntu Security Notice USN-7016-1
https://notcve.org/view.php?id=CVE-2024-44070
19 Aug 2024 — An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value. Iggy Frankovic discovered that FRR incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. It was discovered that FRR re-validated all routes in certain instances when the internal socket's buffer size overfl... • https://github.com/FRRouting/frr/pull/16497 •

CVE-2024-34088 – SUSE Security Advisory - SUSE-SU-2024:4090-1
https://notcve.org/view.php?id=CVE-2024-34088
30 Apr 2024 — In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service. • https://github.com/FRRouting/frr/pull/15674/commits/34d704fb0ea60dc5063af477a2c11d4884984d4f • CWE-476: NULL Pointer Dereference •

CVE-2024-31949
https://notcve.org/view.php?id=CVE-2024-31949
07 Apr 2024 — In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing. • https://github.com/FRRouting/frr/pull/15640 •

CVE-2024-31948 – Ubuntu Security Notice USN-6794-1
https://notcve.org/view.php?id=CVE-2024-31948
07 Apr 2024 — In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. It was discovered that FRR incorrectly handled certain malformed BGP and OSPF packets. A remote attacker could use this issue to cause FRR to crash, resulting in a denial of service, or possibly ex... • https://github.com/FRRouting/frr/pull/15628 • CWE-1287: Improper Validation of Specified Type of Input •

CVE-2024-31950 – SUSE Security Advisory - SUSE-SU-2024:4090-1
https://notcve.org/view.php?id=CVE-2024-31950
07 Apr 2024 — In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated). This update for frr fixes the following issues. Fixed null pointer via get_edge ... • https://github.com/FRRouting/frr/pull/15674 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-31951 – SUSE Security Advisory - SUSE-SU-2024:4090-1
https://notcve.org/view.php?id=CVE-2024-31951
07 Apr 2024 — In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated). • https://github.com/FRRouting/frr/pull/15674 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-27913 – Ubuntu Security Notice USN-6679-1
https://notcve.org/view.php?id=CVE-2024-27913
28 Feb 2024 — ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field. This update for frr fixes the following issues. Fixed a denial of service issue via a malformed OSPF LSA packet. Fixed denial of service due to malformed Prefix SID attribute in BGP Update packet. • https://github.com/FRRouting/frr/pull/15431 • CWE-909: Missing Initialization of Resource •

CVE-2023-38406 – frr: Flowspec overflow in bgpd/bgp_flowspec.c
https://notcve.org/view.php?id=CVE-2023-38406
06 Nov 2023 — bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow." A flaw was found in bgpd/bgp_flowspec.c in the FRRouting BGP protocol code. An overflow may occur while processing zero length NLRI messages. This update for frr fixes the following issues. Fixed nlri length of zero mishandling, aka "flowspec overflow". • https://github.com/FRRouting/frr/compare/frr-8.4.2...frr-8.4.3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-755: Improper Handling of Exceptional Conditions •

CVE-2023-38407 – frr: Out of bounds read in bgpd/bgp_label.c
https://notcve.org/view.php?id=CVE-2023-38407
06 Nov 2023 — bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. An out-of-bounds read flaw was found in FRRouting beyond the end of the stream during labeled unicast parsing. This issue may lead to application crash and denial of service. This update for frr fixes the following issues. Fixed nlri length of ze... • https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5 • CWE-125: Out-of-bounds Read •

CVE-2023-47234 – frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message
https://notcve.org/view.php?id=CVE-2023-47234
03 Nov 2023 — An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes). A flaw was found in frr. • https://github.com/FRRouting/frr/pull/14716/commits/c37119df45bbf4ef713bc10475af2ee06e12f3bf •