GoogleOSV:SUSE-SU-2024:2245-1Security update for frr
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
This update for frr fixes the following issues:
- CVE-2023-38406: Fixed nlri length of zero mishandling, aka ‘flowspec overflow’. (bsc#1216900)
- CVE-2023-47235: Fixed a crash on malformed BGP UPDATE message with an EOR, because the presence of EOR does not lead to a treat-as-withdraw outcome. (bsc#1216896)
- CVE-2023-47234: Fixed a crash on crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data. (bsc#1216897)
- CVE-2023-38407: Fixed attempts to read beyond the end of the stream during labeled unicast parsing. (bsc#1216899)
References
bugzilla.suse.com/1216896
bugzilla.suse.com/1216897
bugzilla.suse.com/1216899
bugzilla.suse.com/1216900
www.suse.com/security/cve/CVE-2023-38406
www.suse.com/security/cve/CVE-2023-38407
www.suse.com/security/cve/CVE-2023-47234
www.suse.com/security/cve/CVE-2023-47235
www.suse.com/support/update/announcement/2024/suse-su-20242245-1/
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low