INFSA-2024:2981: frr security update
Information about definition
Identificator: INFSA-2024:2981
Type: security
Release date: 2024-08-23 19:53:50 UTC
Information about package
FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
Vulnerabilities description
- CVE-2023-31490
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.
- CVE-2023-41358
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.
- CVE-2023-41909
An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.
- CVE-2023-46752
An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.
- CVE-2023-46753
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2023-31490
|
no information | 7.5 | no information |
|
NIST — CVE-2023-41358
|
no information | 7.5 | no information |
|
NIST — CVE-2023-41909
|
no information | 7.5 | no information |
|
NIST — CVE-2023-46752
|
no information | 5.9 | no information |
|
NIST — CVE-2023-46753
|
no information | 5.9 | no information |
Updated packages