Filtered by vendor Frrouting
Subscriptions
Filtered by product Frrouting
Subscriptions
Total
30 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-41360 | 4 Debian, Fedoraproject, Frrouting and 1 more | 4 Debian Linux, Fedora, Frrouting and 1 more | 2024-08-02 | 9.1 Critical |
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. | ||||
CVE-2023-41361 | 2 Debian, Frrouting | 2 Debian Linux, Frrouting | 2024-08-02 | 9.8 Critical |
An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. | ||||
CVE-2023-41359 | 3 Fedoraproject, Frrouting, Redhat | 3 Fedora, Frrouting, Enterprise Linux | 2024-08-02 | 9.1 Critical |
An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation. | ||||
CVE-2023-38802 | 5 Debian, Fedoraproject, Frrouting and 2 more | 9 Debian Linux, Fedora, Frrouting and 6 more | 2024-08-02 | 7.5 High |
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). | ||||
CVE-2023-38406 | 2 Frrouting, Redhat | 3 Frrouting, Enterprise Linux, Rhel Eus | 2024-08-02 | 9.8 Critical |
bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow." | ||||
CVE-2023-38407 | 2 Frrouting, Redhat | 3 Frrouting, Enterprise Linux, Rhel Eus | 2024-08-02 | 7.5 High |
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. | ||||
CVE-2023-31489 | 3 Fedoraproject, Frrouting, Redhat | 3 Fedora, Frrouting, Enterprise Linux | 2024-08-02 | 5.5 Medium |
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function. | ||||
CVE-2023-31490 | 4 Debian, Fedoraproject, Frrouting and 1 more | 4 Debian Linux, Fedora, Frrouting and 1 more | 2024-08-02 | 7.5 High |
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. | ||||
CVE-2023-3748 | 2 Frrouting, Redhat | 2 Frrouting, Enterprise Linux | 2024-08-02 | 3.5 Low |
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service. | ||||
CVE-2024-31948 | 1 Frrouting | 1 Frrouting | 2024-08-02 | 6.5 Medium |
In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. |