| Summary: | net-misc/frr: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | IN_PROGRESS --- | | |
| Severity: | minor | CC: | alarig, jaco, proxy-maint |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling | | |
| See Also: | https://github.com/FRRouting/frr/issues/14289 https://github.com/FRRouting/frr/pull/14290 https://github.com/gentoo/gentoo/pull/33752 | | |
| Whiteboard: | B3 [upstream/ebuild] | | |
| Package list: | | Runtime testing required: | --- |
Description
Sam James
2023-08-30 07:11:30 UTC
CVE-2023-46752 (https://github.com/FRRouting/frr/pull/14645/commits/b08afc81c60607a4f736f418f2e3eb06087f1a35):

An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.

9.0 patch: https://github.com/FRRouting/frr/commit/d5d6be1d854f4d26a181abc152b0f3859076af3d

CVE-2023-46753 (https://github.com/FRRouting/frr/pull/14645/commits/d8482bf011cb2b173e85b65b4bf3d5061250cdb9):

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.

9.0 patch: https://github.com/FRRouting/frr/commit/d5d6be1d854f4d26a181abc152b0f3859076af3d

CVE-2023-41909 (https://github.com/FRRouting/frr/pull/13222/commits/cfd04dcb3e689754a72507d086ba3b9709fc5ed8):

An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.

"through 9.0" but it seems like the patch made it in long before 9.0 was even released?

CVE-2023-41361 (https://github.com/FRRouting/frr/pull/14241):

An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.

9.0 patch: https://github.com/FRRouting/frr/commit/d8238e90ab8380955a057ef036caa811ab572092

CVE-2023-41359 (https://github.com/FRRouting/frr/pull/14232):

An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.

9.0 patch: https://github.com/FRRouting/frr/commit/f7575946c10c1ad10c9e99d71a7eb1e633d655b8

CVE-2023-41358 (https://github.com/FRRouting/frr/pull/14260):

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.

9.0 patch: https://github.com/FRRouting/frr/commit/0c4d2fdbfd90bafadc1f6f25cf00e687672acc45

CVE-2023-41360 (https://github.com/FRRouting/frr/pull/14245):

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.

9.0 patch: https://github.com/FRRouting/frr/commit/24660906b2228ff3239cccb5fd2cb4c52ddea62d

CVE-2023-3748 (https://bugzilla.redhat.com/show_bug.cgi?id=2223668):

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.

Red Hat's omitted any useful references but their bug references https://github.com/FRRouting/frr/issues/11808 which in turn references https://github.com/FRRouting/frr/pull/12950, which was in master before 9.0 was released.

So.. all have patches or are already fixed.

Hello,

Since https://github.com/gentoo/gentoo/pull/33752 has been merged, maybe we can close this bug?