CVSS3: 9.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AI Score: 6.8 Medium (Confidence: Low)
EPSS: 0.005 Low (Percentile: 76.1%)
FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
Security Fix(es):
frr: incorrect length check in bgp_capability_llgr() can lead to DoS (CVE-2023-31489)
frr: missing length check in bgp_attr_psid_sub() can lead to DoS (CVE-2023-31490)
frr: processes invalid NLRIs if attribute length is zero (CVE-2023-41358)
frr: out of bounds read in bgp_attr_aigp_valid (CVE-2023-41359)
frr: NULL pointer dereference in bgp_nlri_parse_flowspec() in bgpd/bgp_flowspec.c (CVE-2023-41909)
frr: mishandled malformed data leading to a crash (CVE-2023-46752)
frr: crafted BGP UPDATE message leading to a crash (CVE-2023-46753)
frr: ahead-of-stream read of ORF header (CVE-2023-41360)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 9 | s390x | frr-debuginfo | < 8.5.3-4.el9 | frr-debuginfo-8.5.3-4.el9.s390x.rpm |
RedHat | 9 | ppc64le | frr-debugsource | < 8.5.3-4.el9 | frr-debugsource-8.5.3-4.el9.ppc64le.rpm |
RedHat | 9 | ppc64le | frr-debuginfo | < 8.5.3-4.el9 | frr-debuginfo-8.5.3-4.el9.ppc64le.rpm |
RedHat | 9 | s390x | frr | < 8.5.3-4.el9 | frr-8.5.3-4.el9.s390x.rpm |
RedHat | 9 | aarch64 | frr | < 8.5.3-4.el9 | frr-8.5.3-4.el9.aarch64.rpm |
RedHat | 9 | x86_64 | frr-debugsource | < 8.5.3-4.el9 | frr-debugsource-8.5.3-4.el9.x86_64.rpm |
RedHat | 9 | x86_64 | frr | < 8.5.3-4.el9 | frr-8.5.3-4.el9.x86_64.rpm |
RedHat | 9 | ppc64le | frr | < 8.5.3-4.el9 | frr-8.5.3-4.el9.ppc64le.rpm |
RedHat | 9 | s390x | frr-debugsource | < 8.5.3-4.el9 | frr-debugsource-8.5.3-4.el9.s390x.rpm |
RedHat | 9 | noarch | frr-selinux | < 8.5.3-4.el9 | frr-selinux-8.5.3-4.el9.noarch.rpm |