rpm package
suse/frr&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4
pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-44070 | — | < 7.4-150300.4.29.1 | 7.4-150300.4.29.1 | Aug 19, 2024 | An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value. | ||
| CVE-2024-31948 | — | < 7.4-150300.4.23.1 | 7.4-150300.4.23.1 | Apr 7, 2024 | In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. | ||
| CVE-2023-38407 | — | < 7.4-150300.4.26.1 | 7.4-150300.4.26.1 | Nov 6, 2023 | bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. | ||
| CVE-2023-38406 | — | < 7.4-150300.4.26.1 | 7.4-150300.4.26.1 | Nov 6, 2023 | bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow." | ||
| CVE-2023-47235 | — | < 7.4-150300.4.26.1 | 7.4-150300.4.26.1 | Nov 3, 2023 | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome. | ||
| CVE-2023-47234 | — | < 7.4-150300.4.26.1 | 7.4-150300.4.26.1 | Nov 3, 2023 | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes). | ||
| CVE-2017-15865 | Hig | 7.5 | < 7.4-150300.4.32.1 | 7.4-150300.4.32.1 | Nov 8, 2017 | bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousan |
- CVE-2024-44070Aug 19, 2024affected < 7.4-150300.4.29.1fixed 7.4-150300.4.29.1
An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.
- CVE-2024-31948Apr 7, 2024affected < 7.4-150300.4.23.1fixed 7.4-150300.4.23.1
In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.
- CVE-2023-38407Nov 6, 2023affected < 7.4-150300.4.26.1fixed 7.4-150300.4.26.1
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
- CVE-2023-38406Nov 6, 2023affected < 7.4-150300.4.26.1fixed 7.4-150300.4.26.1
bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."
- CVE-2023-47235Nov 3, 2023affected < 7.4-150300.4.26.1fixed 7.4-150300.4.26.1
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.
- CVE-2023-47234Nov 3, 2023affected < 7.4-150300.4.26.1fixed 7.4-150300.4.26.1
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).
- affected < 7.4-150300.4.32.1fixed 7.4-150300.4.32.1
bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousan