Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for frr.

CVE-2023-38407[0]:
| bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read
| beyond the end of the stream during labeled unicast parsing.

https://github.com/FRRouting/frr/pull/12951
https://github.com/FRRouting/frr/commit/7404a914b0cafe046703c8381903a80d3def8f8b (base_9.0)
https://github.com/FRRouting/frr/pull/12956
https://github.com/FRRouting/frr/commit/ab362eae68edec12c175d9bc488bcc3f8b73d36f (frr-8.5)

CVE-2023-41361[1]:
| An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does
| not check for an overly large length of the rcv software version.

https://github.com/FRRouting/frr/pull/14241
Fixed by: https://github.com/FRRouting/frr/commit/b4d09af9194d20a7f9f16995a062f5d8e3d32840
Backport for 9.0 branch: https://github.com/FRRouting/frr/pull/14250
Fixed by: https://github.com/FRRouting/frr/commit/73ad93a83f18564bb7bff4659872f7ec1a64b05e

CVE-2023-46752[2]:
| An issue was discovered in FRRouting FRR through 9.0.1. It
| mishandles malformed MP_REACH_NLRI data, leading to a crash.

Fixed by: https://github.com/FRRouting/frr/commit/b08afc81c60607a4f736f418f2e3eb06087f1a35 (master)
Fixed by: https://github.com/FRRouting/frr/commit/30b5c2a434d25981e16792f6f50162beb517ae4d (stable/8.5 branch)

CVE-2023-46753[3]:
| An issue was discovered in FRRouting FRR through 9.0.1. A crash can
| occur for a crafted BGP UPDATE message without mandatory attributes,
| e.g., one with only an unknown transit attribute.

Fixed by: https://github.com/FRRouting/frr/commit/d8482bf011cb2b173e85b65b4bf3d5061250cdb9 (master)
Fixed by: https://github.com/FRRouting/frr/commit/21418d64af11553c402f932b0311c812d98ac3e4 (stable/8.5 branch)

CVE-2023-47234[4]:
| An issue was discovered in FRRouting FRR through 9.0.1. A crash can
| occur when processing a crafted BGP UPDATE message with a
| MP_UNREACH_NLRI attribute and additional NLRI data (that lacks
| mandatory path attributes).

https://github.com/FRRouting/frr/commit/c37119df45bbf4ef713bc10475af2ee06e12f3bf

CVE-2023-47235[5]:
| An issue was discovered in FRRouting FRR through 9.0.1. A crash can
| occur when a malformed BGP UPDATE message with an EOR is processed,
| because the presence of EOR does not lead to a treat-as-withdraw
| outcome.

https://github.com/FRRouting/frr/commit/6814f2e0138a6ea5e1f83bdd9085d9a77999900b

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-38407
    https://www.cve.org/CVERecord?id=CVE-2023-38407
[1] https://security-tracker.debian.org/tracker/CVE-2023-41361
    https://www.cve.org/CVERecord?id=CVE-2023-41361
[2] https://security-tracker.debian.org/tracker/CVE-2023-46752
    https://www.cve.org/CVERecord?id=CVE-2023-46752
[3] https://security-tracker.debian.org/tracker/CVE-2023-46753
    https://www.cve.org/CVERecord?id=CVE-2023-46753
[4] https://security-tracker.debian.org/tracker/CVE-2023-47234
    https://www.cve.org/CVERecord?id=CVE-2023-47234
[5] https://security-tracker.debian.org/tracker/CVE-2023-47235
    https://www.cve.org/CVERecord?id=CVE-2023-47235

Please adjust the affected versions in the BTS as needed.
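The UPDATE shapes named in the CVE descriptions above (an UPDATE carrying only an unknown transitive attribute, an MP_UNREACH_NLRI End-of-RIB followed by extra NLRI with no mandatory attributes, an attribute whose length runs past the message) are exactly the cases RFC 7606 error handling is meant to classify instead of crashing on. The parser below is an added example written for this page; it is not FRR's code and does not reproduce any of the fixes linked above. The mandatory-attribute rule follows RFC 7606 (a missing well-known mandatory attribute is treat-as-withdraw) together with RFC 4760's relaxation that NEXT_HOP is not required when MP_REACH_NLRI carries the routes; for attribute-length errors it takes the conservative session-reset outcome rather than implementing the two-pass scan for MP_REACH/MP_UNREACH that RFC 7606 recommends. The `build_update`/`attr` helpers, the `SAMPLES` messages and the attribute type code 200 are constructed for illustration and correspond to no real peer traffic.

```python
"""Minimal BGP UPDATE classifier applying RFC 7606 outcomes to malformed messages.

Added example for this bug report; not FRR code. Verdicts are 'eor', 'accept',
'treat-as-withdraw' or 'session-reset', each with a human-readable reason."""
import struct

BGP_MARKER = b"\xff" * 16
UPDATE = 2
ORIGIN, AS_PATH, NEXT_HOP, MP_REACH_NLRI, MP_UNREACH_NLRI = 1, 2, 3, 14, 15
EXTENDED_LENGTH = 0x10          # path-attribute flag bit: 2-byte length field


def parse_path_attributes(block):
    """Split a path-attribute block into (flags, type_code, value) tuples.

    Every length is checked against the bytes still remaining before any slice
    is taken, so a bogus length raises ValueError instead of reading past the end."""
    attrs, off = [], 0
    while off < len(block):
        if off + 2 > len(block):
            raise ValueError("truncated attribute header")
        flags, code = block[off], block[off + 1]
        off += 2
        if flags & EXTENDED_LENGTH:
            if off + 2 > len(block):
                raise ValueError("truncated extended length field")
            (alen,) = struct.unpack_from("!H", block, off)
            off += 2
        else:
            if off + 1 > len(block):
                raise ValueError("truncated length field")
            alen, off = block[off], off + 1
        if off + alen > len(block):
            raise ValueError(f"attribute {code}: length {alen} exceeds "
                             f"{len(block) - off} remaining bytes")
        attrs.append((flags, code, bytes(block[off:off + alen])))
        off += alen
    return attrs


def classify_update(msg):
    """Classify one raw BGP message as received from a peer."""
    if len(msg) < 19 or msg[:16] != BGP_MARKER or msg[18] != UPDATE:
        return "session-reset", "not a well-formed UPDATE header"
    (length,) = struct.unpack_from("!H", msg, 16)
    if length != len(msg) or length < 23:
        return "session-reset", "bad message length"
    body = msg[19:]
    (wlen,) = struct.unpack_from("!H", body, 0)
    if 4 + wlen > len(body):
        return "session-reset", "withdrawn-routes length overruns message"
    (alen,) = struct.unpack_from("!H", body, 2 + wlen)
    if 4 + wlen + alen > len(body):
        return "session-reset", "total path attribute length overruns message"
    attr_block = body[4 + wlen:4 + wlen + alen]
    nlri = body[4 + wlen + alen:]
    # IPv4 unicast End-of-RIB: nothing withdrawn, no attributes, no NLRI.
    if wlen == 0 and alen == 0 and not nlri:
        return "eor", "IPv4 unicast End-of-RIB"
    try:
        attrs = parse_path_attributes(attr_block)
    except ValueError as e:
        # Without the RFC 7606 pre-scan for MP_REACH/MP_UNREACH we cannot tell
        # which routes the message meant, so the conservative outcome is reset.
        return "session-reset", str(e)
    codes = {code for _, code, _ in attrs}
    mp_unreach = [v for _, c, v in attrs if c == MP_UNREACH_NLRI]
    # AFI/SAFI End-of-RIB: a lone MP_UNREACH_NLRI carrying only AFI+SAFI and
    # nothing else. Extra NLRI after it is NOT an EOR and falls through below.
    if len(attrs) == 1 and mp_unreach and len(mp_unreach[0]) == 3 and not nlri:
        return "eor", "MP End-of-RIB for AFI/SAFI %d/%d" % struct.unpack("!HB", mp_unreach[0])
    if nlri or MP_REACH_NLRI in codes:
        # NEXT_HOP is only mandatory for routes announced in the IPv4 NLRI field.
        required = {ORIGIN, AS_PATH} | ({NEXT_HOP} if nlri else set())
        missing = required - codes
        if missing:
            return "treat-as-withdraw", f"missing mandatory attributes {sorted(missing)}"
    return "accept", "all mandatory attributes present"


def build_update(attrs=b"", nlri=b"", withdrawn=b""):
    """Constructed helper: frame an UPDATE from its three variable-length parts."""
    body = (struct.pack("!H", len(withdrawn)) + withdrawn
            + struct.pack("!H", len(attrs)) + attrs + nlri)
    return BGP_MARKER + struct.pack("!HB", 19 + len(body), UPDATE) + body


def attr(flags, code, value):
    """Constructed helper: one path attribute with a 1-byte length field."""
    return bytes([flags, code, len(value)]) + value


# Constructed samples mirroring the message shapes described in the advisory.
SAMPLES = {
    "ipv4_eor": build_update(),
    "unknown_transitive_only": build_update(attr(0xC0, 200, b"\x01\x02"), nlri=b"\x18\x0a\x00\x01"),
    "mp_unreach_eor_plus_nlri": build_update(attr(0x80, MP_UNREACH_NLRI, b"\x00\x02\x01"),
                                             nlri=b"\x18\x0a\x00\x01"),
    "overlong_attr": build_update(bytes([0x40, ORIGIN, 0x7F, 0x00])),
}

if __name__ == "__main__":
    for name, m in SAMPLES.items():
        print(f"{name:26s} -> {classify_update(m)}")
```

The point of the sample set is that all four inputs are handled by the same bounds-checked path: the framing checks run before any slice is taken, and "no mandatory attributes" is a verdict about the routes, not a reason to dereference something that was never parsed.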