CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38406 – ffr: Flowspec overflow in bgpd/bgp_flowspec.c
https://notcve.org/view.php?id=CVE-2023-38406
bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow." bgpd/bgp_flowspec.c en FRRouting (FRR) anterior a 8.4.3 maneja mal una longitud nlri de cero, también conocido como "flowspec overflow". A flaw was found in bgpd/bgp_flowspec.c in the FFrouting BGP protocol code. An overflow may occur while processing zero length NLRI messages. • https://github.com/FRRouting/frr/compare/frr-8.4.2...frr-8.4.3 https://github.com/FRRouting/frr/pull/12884 https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html https://access.redhat.com/security/cve/CVE-2023-38406 https://bugzilla.redhat.com/show_bug.cgi?id=2248526 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38407 – ffr: Out of bounds read in bgpd/bgp_label.c
https://notcve.org/view.php?id=CVE-2023-38407
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. bgpd/bgp_label.c en FRRouting (FRR) antes de 8.5 intenta leer más allá del final de la secuencia durante el análisis de unicast etiquetado. An out-of-bounds read flaw was found in FFrounting beyond the end of the stream during labeled unicast parsing. This issue may lead to application crash and denial of service. • https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5 https://github.com/FRRouting/frr/pull/12951 https://github.com/FRRouting/frr/pull/12956 https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html https://access.redhat.com/security/cve/CVE-2023-38407 https://bugzilla.redhat.com/show_bug.cgi?id=2248528 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47234 – frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message
https://notcve.org/view.php?id=CVE-2023-47234
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes). Se descubrió un problema en FRRouting FRR hasta 9.0.1. Puede ocurrir un bloqueo al procesar un mensaje BGP UPDATE manipulado con un atributo MP_UNREACH_NLRI y datos NLRI adicionales (que carecen de atributos de ruta obligatorios). A flaw was found in frr. • https://github.com/FRRouting/frr/pull/14716/commits/c37119df45bbf4ef713bc10475af2ee06e12f3bf https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html https://access.redhat.com/security/cve/CVE-2023-47234 https://bugzilla.redhat.com/show_bug.cgi?id=2248208 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47235 – frr: crash from malformed EOR-containing BGP UPDATE message
https://notcve.org/view.php?id=CVE-2023-47235
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome. Se descubrió un problema en FRRouting FRR hasta 9.0.1. Puede ocurrir una caída cuando se procesa un mensaje malformado de BGP UPDATE con un EOR, porque la presencia de un EOR no conduce a un resultado de treat-as-withdraw. An issue was found in FRRouting FRR, where a crash may occur when processing a malformed BGP UPDATE message with an EOR. • https://github.com/FRRouting/frr/pull/14716/commits/6814f2e0138a6ea5e1f83bdd9085d9a77999900b https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html https://access.redhat.com/security/cve/CVE-2023-47235 https://bugzilla.redhat.com/show_bug.cgi?id=2248207 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46752 – frr: mishandled malformed data leading to a crash
https://notcve.org/view.php?id=CVE-2023-46752
An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash. Se descubrió un problema en FRRouting FRR hasta la versión 9.0.1. Maneja mal los datos MP_REACH_NLRI con formato incorrecto, lo que provoca un bloqueo. A data mishandling vulnerability was found in FRRouting. • https://github.com/FRRouting/frr/pull/14645/commits/b08afc81c60607a4f736f418f2e3eb06087f1a35 https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html https://access.redhat.com/security/cve/CVE-2023-46752 https://bugzilla.redhat.com/show_bug.cgi?id=2246379 • CWE-400: Uncontrolled Resource Consumption •