Search CVE reports



11 – 20 of 56 results


CVE-2023-47234

Medium priority
Fixed

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).

2 affected packages

frr, quagga

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| frr | Fixed | Fixed | Fixed | Ignored | Ignored |
| quagga | Not in release | Not in release | Not affected | Not affected | Not affected |

CVE-2023-46753

Medium priority

Some fixes available 7 of 9

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.

2 affected packages

frr, quagga

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| frr | Fixed | Fixed | Fixed | Ignored | Ignored |
| quagga | Not in release | Not in release | Fixed | Needs evaluation | Needs evaluation |

CVE-2023-46752

Medium priority
Fixed

An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.

2 affected packages

frr, quagga

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| frr | Fixed | Fixed | Fixed | Ignored | Ignored |
| quagga | Not in release | Not in release | Not affected | Not affected | Not affected |

CVE-2023-41909

Medium priority
Fixed

An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.

2 affected packages

frr, quagga

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| frr | Not affected | Fixed | Fixed | Ignored | Ignored |
| quagga | Not in release | Not in release | Not affected | Not affected | Not affected |

CVE-2023-41361

Medium priority
Not affected

An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.

2 affected packages

frr, quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
frr Not affected Not affected Ignored Ignored
quagga Not in release Not affected Not affected Not affected

CVE-2023-41360

Low priority
Fixed

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.

2 affected packages

frr, quagga

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| frr | Not affected | Fixed | Fixed | Ignored | Ignored |
| quagga | Not in release | Not in release | Fixed | Fixed | Fixed |

CVE-2023-41359

Medium priority
Not affected

An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.

2 affected packages

frr, quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
frr Not affected Not affected Ignored Ignored
quagga Not in release Not affected Not affected Not affected

CVE-2023-41358

Medium priority
Fixed

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.

2 affected packages

frr, quagga

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| frr | Not affected | Fixed | Fixed | Ignored | Ignored |
| quagga | Not in release | Not in release | Fixed | Fixed | Fixed |

CVE-2023-38802

Medium priority
Fixed

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).

2 affected packages

frr, quagga

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| frr | Not affected | Fixed | Fixed | Not in release | Not in release |
| quagga | Not in release | Not in release | Not affected | Not affected | Not affected |

CVE-2022-37032

Medium priority

Some fixes available 8 of 10

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.

2 affected packages

frr, quagga

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| frr | Fixed | Fixed | Fixed | Not in release | Ignored |
| quagga | Not in release | Not in release | Fixed | Vulnerable | Vulnerable |