Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

frr: CVE-2023-38407 CVE-2023-41361 CVE-2023-46752 CVE-2023-46753 CVE-2023-47234 CVE-2023-47235

Related Vulnerabilities: CVE-2023-38407   CVE-2023-41361   CVE-2023-46752   CVE-2023-46753   CVE-2023-47234   CVE-2023-47235  

Source

Debian Bug report logs - #1055852
frr: CVE-2023-38407 CVE-2023-41361 CVE-2023-46752 CVE-2023-46753 CVE-2023-47234 CVE-2023-47235

Package: src:frr; Maintainer for src:frr is David Lamparter <equinox-debian@diac24.net>;

Reported by: Moritz Mühlenhoff <jmm@inutil.org>

Date: Sun, 12 Nov 2023 19:03:01 UTC

Severity: grave

Tags: security, upstream

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, David Lamparter <equinox-debian@diac24.net>:
Bug#1055852; Package src:frr. (Sun, 12 Nov 2023 19:03:03 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, David Lamparter <equinox-debian@diac24.net>. (Sun, 12 Nov 2023 19:03:03 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>
To: submit@bugs.debian.org
Subject: frr: CVE-2023-38407 CVE-2023-41361 CVE-2023-46752 CVE-2023-46753 CVE-2023-47234 CVE-2023-47235
Date: Sun, 12 Nov 2023 19:59:12 +0100
Source: frr
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for frr.

CVE-2023-38407[0]:
| bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read
| beyond the end of the stream during labeled unicast parsing.

https://github.com/FRRouting/frr/pull/12951
https://github.com/FRRouting/frr/commit/7404a914b0cafe046703c8381903a80d3def8f8b (base_9.0)
https://github.com/FRRouting/frr/pull/12956
https://github.com/FRRouting/frr/commit/ab362eae68edec12c175d9bc488bcc3f8b73d36f (frr-8.5)

CVE-2023-41361[1]:
| An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does
| not check for an overly large length of the rcv software version.

https://github.com/FRRouting/frr/pull/14241
Fixed by: https://github.com/FRRouting/frr/commit/b4d09af9194d20a7f9f16995a062f5d8e3d32840
Backport for 9.0 branch: https://github.com/FRRouting/frr/pull/14250
Fixed by: https://github.com/FRRouting/frr/commit/73ad93a83f18564bb7bff4659872f7ec1a64b05e

CVE-2023-46752[2]:
| An issue was discovered in FRRouting FRR through 9.0.1. It
| mishandles malformed MP_REACH_NLRI data, leading to a crash.

Fixed by: https://github.com/FRRouting/frr/commit/b08afc81c60607a4f736f418f2e3eb06087f1a35 (master)
Fixed by: https://github.com/FRRouting/frr/commit/30b5c2a434d25981e16792f6f50162beb517ae4d (stable/8.5 branch)

CVE-2023-46753[3]:
| An issue was discovered in FRRouting FRR through 9.0.1. A crash can
| occur for a crafted BGP UPDATE message without mandatory attributes,
| e.g., one with only an unknown transit attribute.

Fixed by: https://github.com/FRRouting/frr/commit/d8482bf011cb2b173e85b65b4bf3d5061250cdb9 (master)
Fixed by: https://github.com/FRRouting/frr/commit/21418d64af11553c402f932b0311c812d98ac3e4 (stable/8.5 branch)

CVE-2023-47234[4]:
| An issue was discovered in FRRouting FRR through 9.0.1. A crash can
| occur when processing a crafted BGP UPDATE message with a
| MP_UNREACH_NLRI attribute and additional NLRI data (that lacks
| mandatory path attributes).

https://github.com/FRRouting/frr/commit/c37119df45bbf4ef713bc10475af2ee06e12f3bf

CVE-2023-47235[5]:
| An issue was discovered in FRRouting FRR through 9.0.1. A crash can
| occur when a malformed BGP UPDATE message with an EOR is processed,
| because the presence of EOR does not lead to a treat-as-withdraw
| outcome.

https://github.com/FRRouting/frr/commit/6814f2e0138a6ea5e1f83bdd9085d9a77999900b

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-38407
    https://www.cve.org/CVERecord?id=CVE-2023-38407
[1] https://security-tracker.debian.org/tracker/CVE-2023-41361
    https://www.cve.org/CVERecord?id=CVE-2023-41361
[2] https://security-tracker.debian.org/tracker/CVE-2023-46752
    https://www.cve.org/CVERecord?id=CVE-2023-46752
[3] https://security-tracker.debian.org/tracker/CVE-2023-46753
    https://www.cve.org/CVERecord?id=CVE-2023-46753
[4] https://security-tracker.debian.org/tracker/CVE-2023-47234
    https://www.cve.org/CVERecord?id=CVE-2023-47234
[5] https://security-tracker.debian.org/tracker/CVE-2023-47235
    https://www.cve.org/CVERecord?id=CVE-2023-47235

Please adjust the affected versions in the BTS as needed.

Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 12 Nov 2023 19:33:02 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Nov 13 17:55:29 2023; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started