rpm package
suse/frr&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-41909 | — | < 7.4-150300.4.17.1 | 7.4-150300.4.17.1 | Sep 5, 2023 | An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference. | ||
| CVE-2023-41358 | — | < 7.4-150300.4.17.1 | 7.4-150300.4.17.1 | Aug 29, 2023 | An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. | ||
| CVE-2023-38802 | — | < 7.4-150300.4.17.1 | 7.4-150300.4.17.1 | Aug 29, 2023 | FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). |
- CVE-2023-41909Sep 5, 2023affected < 7.4-150300.4.17.1fixed 7.4-150300.4.17.1
An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.
- CVE-2023-41358Aug 29, 2023affected < 7.4-150300.4.17.1fixed 7.4-150300.4.17.1
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.
- CVE-2023-38802Aug 29, 2023affected < 7.4-150300.4.17.1fixed 7.4-150300.4.17.1
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).