CVE-2024-31950

In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).

CVE-2024-31951

In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).

CVE-2024-31949

In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.

CVE-2024-44070

An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value. (We believe Mikrotik's RouterOS7 7.16 triggers this one.)

Reproducible: Always
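The failure modes named in the CVE entries above (sub-TLV sizes not validated, a value taken without checking the remaining length, a parse pointer that does not advance) correspond to the checks in the TLV walker below. This is an added example, not FRR's code and not part of the original report; the wire layout, the `T_CONTAINER` type, the function names and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed wire layout (illustrative, not FRR's structs): 2-byte type,
 * 2-byte length, then `length` value bytes, big-endian, no padding. */
#define TLV_HDR 4u
#define T_CONTAINER 1u /* hypothetical type whose value holds sub-TLVs */
enum { TLV_ERR_HEADER = -1, TLV_ERR_OVERRUN = -2 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk the TLVs in buf[0..size). Returns how many TLVs and sub-TLVs were
 * accepted, or a negative error at the first malformed one. */
int tlv_walk(const uint8_t *buf, size_t size, int depth)
{
    size_t off = 0;
    int seen = 0;
    while (off < size) {
        size_t remaining = size - off;
        if (remaining < TLV_HDR)        /* the header itself must fit */
            return TLV_ERR_HEADER;
        uint16_t type = rd16(buf + off);
        uint16_t len = rd16(buf + off + 2);
        if (len > remaining - TLV_HDR)  /* claimed value must fit in what is left */
            return TLV_ERR_OVERRUN;
        if (type == T_CONTAINER && depth == 0) {
            /* Sub-TLVs are bounded by the parent's length, not the packet's.
             * Only one level of nesting is followed, so recursion is bounded. */
            int sub = tlv_walk(buf + off + TLV_HDR, len, depth + 1);
            if (sub < 0)
                return sub;
            seen += sub;
        }
        seen++;
        off += TLV_HDR + len;           /* always advances >= 4 bytes: no stuck loop */
    }
    return seen;
}

/* Constructed samples: well-formed, sub-TLV overrunning its parent, stray tail. */
static const uint8_t ok_pkt[] = {0,1, 0,6, 0,2, 0,2, 0xAA,0xBB, 0,3, 0,0};
static const uint8_t sub_overrun[] = {0,1, 0,6, 0,2, 0,9, 0xAA,0xBB};
static const uint8_t short_hdr[] = {0,3, 0,0, 0,2, 0};

int main(void)
{
    printf("%d %d %d\n", tlv_walk(ok_pkt, sizeof ok_pkt, 0),
           tlv_walk(sub_overrun, sizeof sub_overrun, 0),
           tlv_walk(short_hdr, sizeof short_hdr, 0));
    return 0;
}
```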
(No need for the bug to be private if the vulns are public)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7800989084810e6f4f07971406c29c99f2852832

commit 7800989084810e6f4f07971406c29c99f2852832
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2024-10-02 10:31:55 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-10-04 08:11:48 +0000

    net-misc/frr: add 9.1.2 (security)

    CVE-2024-31950 CVE-2024-31951 CVE-2024-31949 CVE-2024-44070

    Closes: https://bugs.gentoo.org/907879
    Closes: https://bugs.gentoo.org/872323
    Closes: https://bugs.gentoo.org/894076
    Bug: https://bugs.gentoo.org/940744
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Reviewed-by: Alarig Le Lay <alarig@swordarmor.fr>
    Signed-off-by: Sam James <sam@gentoo.org>

 net-misc/frr/Manifest | 1 +
 net-misc/frr/frr-9.1.2.ebuild | 147 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 148 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36fd816e93e82764783b0f1d7d74f252c5e77863

commit 36fd816e93e82764783b0f1d7d74f252c5e77863
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2024-10-02 10:24:14 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-10-04 08:11:47 +0000

    net-misc/frr: add 9.0.4 (CVE-2024-31950, CVE-2024-31951, CVE-2024-44070)

    Bug: https://bugs.gentoo.org/907879
    Bug: https://bugs.gentoo.org/872323
    Bug: https://bugs.gentoo.org/894076
    Bug: https://bugs.gentoo.org/940744
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Reviewed-by: Alarig Le Lay <alarig@swordarmor.fr>
    Signed-off-by: Sam James <sam@gentoo.org>

 net-misc/frr/Manifest | 1 +
 net-misc/frr/frr-9.0.4.ebuild | 156 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 157 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07bd8b82d5f9e356618942dd3c25f8e4aa9de746

commit 07bd8b82d5f9e356618942dd3c25f8e4aa9de746
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2024-10-04 13:11:18 +0000
Commit:     Eli Schwartz <eschwartz@gentoo.org>
CommitDate: 2024-10-07 03:23:58 +0000

    net-misc/frr: drop 9.0.2, 9.1, 9.1-r1

    Remove security affected versions.

    Bug: https://bugs.gentoo.org/940744
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Closes: https://github.com/gentoo/gentoo/pull/38876
    Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>

 net-misc/frr/Manifest | 2 -
 net-misc/frr/frr-9.0.2.ebuild | 150 -----------------------------------------
 net-misc/frr/frr-9.1-r1.ebuild | 141 --------------------------------------
 net-misc/frr/frr-9.1.ebuild | 140 --------------------------------------
 4 files changed, 433 deletions(-)