A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.
Looks like there's another unpublished "vulnerability" irresponsibly
disclosed in this person's Github account, a heap buffer overread:
Reported upstream at: https://github.com/FRRouting/frr/issues/13202
The bug has been referenced in the following commit(s):
Author: Jakov Smolić <email@example.com>
AuthorDate: 2023-04-04 08:03:36 +0000
Commit: Jakov Smolić <firstname.lastname@example.org>
CommitDate: 2023-04-04 08:06:18 +0000
net-misc/frr: add 8.5
Signed-off-by: Jakov Smolić <email@example.com>
net-misc/frr/Manifest | 1 +
net-misc/frr/frr-8.5.ebuild | 149 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 150 insertions(+)
Fixed in 8.4 onwards according to upstream.