Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-38407 (GCVE-0-2023-38407)
Vulnerability from cvelistv5 – Published: 2023-11-06 00:00 – Updated: 2025-11-04 16:10
VLAI?
EPSS
Summary
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "frrouting",
"vendor": "frrouting",
"versions": [
{
"lessThan": "8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-38407",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T14:53:35.844035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T20:28:40.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:10:15.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FRRouting/frr/pull/12951"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FRRouting/frr/pull/12956"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5"
},
{
"name": "[debian-lts-announce] 20240428 [SECURITY] [DLA 3797-1] frr security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-28T07:06:10.226Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FRRouting/frr/pull/12951"
},
{
"url": "https://github.com/FRRouting/frr/pull/12956"
},
{
"url": "https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5"
},
{
"name": "[debian-lts-announce] 20240428 [SECURITY] [DLA 3797-1] frr security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38407",
"datePublished": "2023-11-06T00:00:00.000Z",
"dateReserved": "2023-07-17T00:00:00.000Z",
"dateUpdated": "2025-11-04T16:10:15.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-38407",
"date": "2026-05-20",
"epss": "0.00205",
"percentile": "0.42489"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.5\", \"matchCriteriaId\": \"AB0E7F12-AAE7-48DA-B684-585BA3188B28\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.\"}, {\"lang\": \"es\", \"value\": \"bgpd/bgp_label.c en FRRouting (FRR) antes de 8.5 intenta leer m\\u00e1s all\\u00e1 del final de la secuencia durante el an\\u00e1lisis de unicast etiquetado.\"}]",
"id": "CVE-2023-38407",
"lastModified": "2024-11-21T08:13:30.293",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-11-06T06:15:40.907",
"references": "[{\"url\": \"https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/FRRouting/frr/pull/12951\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/FRRouting/frr/pull/12956\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/FRRouting/frr/pull/12951\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/FRRouting/frr/pull/12956\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-38407\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-11-06T06:15:40.907\",\"lastModified\":\"2025-11-04T17:15:37.820\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.\"},{\"lang\":\"es\",\"value\":\"bgpd/bgp_label.c en FRRouting (FRR) antes de 8.5 intenta leer m\u00e1s all\u00e1 del final de la secuencia durante el an\u00e1lisis de unicast etiquetado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.5\",\"matchCriteriaId\":\"AB0E7F12-AAE7-48DA-B684-585BA3188B28\"}]}]}],\"references\":[{\"url\":\"https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/FRRouting/frr/pull/12951\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/FRRouting/frr/pull/12956\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/FRRouting/frr/pull/12951\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/FRRouting/frr/pull/12956\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/FRRouting/frr/pull/12951\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/FRRouting/frr/pull/12956\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html\", \"name\": \"[debian-lts-announce] 20240428 [SECURITY] [DLA 3797-1] frr security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T16:10:15.810Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-38407\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-01T14:53:35.844035Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*\"], \"vendor\": \"frrouting\", \"product\": \"frrouting\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"8.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-01T15:08:37.484Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/FRRouting/frr/pull/12951\"}, {\"url\": \"https://github.com/FRRouting/frr/pull/12956\"}, {\"url\": \"https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html\", \"name\": \"[debian-lts-announce] 20240428 [SECURITY] [DLA 3797-1] frr security update\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-04-28T07:06:10.226Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-38407\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T16:10:15.810Z\", \"dateReserved\": \"2023-07-17T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-11-06T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
alsa-2024:0130
Vulnerability from osv_almalinux
Published
2024-01-10 00:00
Modified
2024-01-16 16:44
Summary
Moderate: frr security update
Details
FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
Security Fix(es):
- ffr: Flowspec overflow in bgpd/bgp_flowspec.c (CVE-2023-38406)
- ffr: Out of bounds read in bgpd/bgp_label.c (CVE-2023-38407)
- frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message (CVE-2023-47234)
- frr: crash from malformed EOR-containing BGP UPDATE message (CVE-2023-47235)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "frr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.5.1-13.el8_9.3.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "frr-selinux"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.5.1-13.el8_9.3.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. \n\nSecurity Fix(es):\n\n* ffr: Flowspec overflow in bgpd/bgp_flowspec.c (CVE-2023-38406)\n* ffr: Out of bounds read in bgpd/bgp_label.c (CVE-2023-38407)\n* frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message (CVE-2023-47234)\n* frr: crash from malformed EOR-containing BGP UPDATE message (CVE-2023-47235)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:0130",
"modified": "2024-01-16T16:44:16Z",
"published": "2024-01-10T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:0130"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-38406"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-38407"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-47234"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-47235"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2248207"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2248208"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2248526"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2248528"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-0130.html"
}
],
"related": [
"CVE-2023-38406",
"CVE-2023-38407",
"CVE-2023-47234",
"CVE-2023-47235"
],
"summary": "Moderate: frr security update"
}
alsa-2024:0477
Vulnerability from osv_almalinux
Published
2024-01-25 00:00
Modified
2024-01-25 21:18
Summary
Moderate: frr security update
Details
FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
Security Fix(es):
- ffr: Flowspec overflow in bgpd/bgp_flowspec.c (CVE-2023-38406)
- ffr: Out of bounds read in bgpd/bgp_label.c (CVE-2023-38407)
- frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message (CVE-2023-47234)
- frr: crash from malformed EOR-containing BGP UPDATE message (CVE-2023-47235)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "frr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.3.1-11.el9_3.2.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "frr-selinux"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.3.1-11.el9_3.2.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. \n\nSecurity Fix(es):\n\n* ffr: Flowspec overflow in bgpd/bgp_flowspec.c (CVE-2023-38406)\n* ffr: Out of bounds read in bgpd/bgp_label.c (CVE-2023-38407)\n* frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message (CVE-2023-47234)\n* frr: crash from malformed EOR-containing BGP UPDATE message (CVE-2023-47235)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:0477",
"modified": "2024-01-25T21:18:33Z",
"published": "2024-01-25T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:0477"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-38406"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-38407"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-47234"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-47235"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2248207"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2248208"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2248526"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2248528"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-0477.html"
}
],
"related": [
"CVE-2023-38406",
"CVE-2023-38407",
"CVE-2023-47234",
"CVE-2023-47235"
],
"summary": "Moderate: frr security update"
}
BDU:2024-04616
Vulnerability from fstec - Published: 06.11.2023
VLAI Severity ?
Title
Уязвимость файла bgpd/bgp_label.c программного средства реализации сетевой маршрутизации на Unix-подобных системах FRRouting, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость файла bgpd/bgp_label.c программного средства реализации сетевой маршрутизации на Unix-подобных системах FRRouting связана с пытками прочесть за пределами конца потока во время анализа помеченной одноадресной рассылки. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании
Severity ?
Vendor
ООО «Ред Софт», Сообщество свободного программного обеспечения
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), FRRouting
Software Version
7.3 (РЕД ОС), до 8.5 (FRRouting)
Possible Mitigations
Для FRRouting:
https://github.com/FRRouting/frr/pull/12951
https://github.com/FRRouting/frr/commit/7404a914b0cafe046703c8381903a80d3def8f8b
https://github.com/FRRouting/frr/pull/12956
https://github.com/FRRouting/frr/commit/ab362eae68edec12c175d9bc488bcc3f8b73d36f
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Reference
https://github.com/FRRouting/frr/commit/7404a914b0cafe046703c8381903a80d3def8f8b
https://github.com/FRRouting/frr/commit/ab362eae68edec12c175d9bc488bcc3f8b73d36f
https://github.com/FRRouting/frr/pull/12951
https://github.com/FRRouting/frr/pull/12956
https://redos.red-soft.ru/support/secure/
CWE
CWE-125
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u0434\u043e 8.5 (FRRouting)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f FRRouting:\nhttps://github.com/FRRouting/frr/pull/12951\nhttps://github.com/FRRouting/frr/commit/7404a914b0cafe046703c8381903a80d3def8f8b\nhttps://github.com/FRRouting/frr/pull/12956\nhttps://github.com/FRRouting/frr/commit/ab362eae68edec12c175d9bc488bcc3f8b73d36f\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.06.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.06.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-04616",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-38407",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), FRRouting",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0430\u0439\u043b\u0430 bgpd/bgp_label.c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u043d\u0430 Unix-\u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 FRRouting, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0430\u0439\u043b\u0430 bgpd/bgp_label.c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u043d\u0430 Unix-\u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 FRRouting \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u044b\u0442\u043a\u0430\u043c\u0438 \u043f\u0440\u043e\u0447\u0435\u0441\u0442\u044c \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u043a\u043e\u043d\u0446\u0430 \u043f\u043e\u0442\u043e\u043a\u0430 \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u043f\u043e\u043c\u0435\u0447\u0435\u043d\u043d\u043e\u0439 \u043e\u0434\u043d\u043e\u0430\u0434\u0440\u0435\u0441\u043d\u043e\u0439 \u0440\u0430\u0441\u0441\u044b\u043b\u043a\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/FRRouting/frr/commit/7404a914b0cafe046703c8381903a80d3def8f8b\nhttps://github.com/FRRouting/frr/commit/ab362eae68edec12c175d9bc488bcc3f8b73d36f\nhttps://github.com/FRRouting/frr/pull/12951\nhttps://github.com/FRRouting/frr/pull/12956\nhttps://redos.red-soft.ru/support/secure/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
FKIE_CVE-2023-38407
Vulnerability from fkie_nvd - Published: 2023-11-06 06:15 - Updated: 2025-11-04 17:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5 | Patch | |
| cve@mitre.org | https://github.com/FRRouting/frr/pull/12951 | Patch | |
| cve@mitre.org | https://github.com/FRRouting/frr/pull/12956 | Patch | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FRRouting/frr/pull/12951 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FRRouting/frr/pull/12956 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB0E7F12-AAE7-48DA-B684-585BA3188B28",
"versionEndExcluding": "8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing."
},
{
"lang": "es",
"value": "bgpd/bgp_label.c en FRRouting (FRR) antes de 8.5 intenta leer m\u00e1s all\u00e1 del final de la secuencia durante el an\u00e1lisis de unicast etiquetado."
}
],
"id": "CVE-2023-38407",
"lastModified": "2025-11-04T17:15:37.820",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-11-06T06:15:40.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/FRRouting/frr/pull/12951"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/FRRouting/frr/pull/12956"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/FRRouting/frr/pull/12951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/FRRouting/frr/pull/12956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-38FW-5CVW-P8H6
Vulnerability from github – Published: 2023-11-06 06:30 – Updated: 2025-11-04 18:30
VLAI?
Details
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2023-38407"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-06T06:15:40Z",
"severity": "HIGH"
},
"details": "bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.",
"id": "GHSA-38fw-5cvw-p8h6",
"modified": "2025-11-04T18:30:44Z",
"published": "2023-11-06T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38407"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/pull/12951"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/pull/12956"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2023-38407
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-38407",
"id": "GSD-2023-38407"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-38407"
],
"details": "bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.",
"id": "GSD-2023-38407",
"modified": "2023-12-13T01:20:36.006987Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-38407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FRRouting/frr/pull/12951",
"refsource": "MISC",
"url": "https://github.com/FRRouting/frr/pull/12951"
},
{
"name": "https://github.com/FRRouting/frr/pull/12956",
"refsource": "MISC",
"url": "https://github.com/FRRouting/frr/pull/12956"
},
{
"name": "https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5",
"refsource": "MISC",
"url": "https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5"
},
{
"name": "[debian-lts-announce] 20240428 [SECURITY] [DLA 3797-1] frr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB0E7F12-AAE7-48DA-B684-585BA3188B28",
"versionEndExcluding": "8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing."
},
{
"lang": "es",
"value": "bgpd/bgp_label.c en FRRouting (FRR) antes de 8.5 intenta leer m\u00e1s all\u00e1 del final de la secuencia durante el an\u00e1lisis de unicast etiquetado."
}
],
"id": "CVE-2023-38407",
"lastModified": "2024-04-28T07:15:08.463",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-06T06:15:40.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/FRRouting/frr/compare/frr-8.5-rc...frr-8.5"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/FRRouting/frr/pull/12951"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/FRRouting/frr/pull/12956"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
OPENSUSE-SU-2024:13487-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
frr-8.4-8.1 on GA media
Severity
Moderate
Notes
Title of the patch: frr-8.4-8.1 on GA media
Description of the patch: These are all security issues fixed in the frr-8.4-8.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13487
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:frr-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-devel-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-devel-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-devel-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-devel-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrcares0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrcares0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrcares0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrcares0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:frr-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-devel-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-devel-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-devel-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-devel-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrcares0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrcares0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrcares0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrcares0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:frr-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-devel-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-devel-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-devel-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-devel-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrcares0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrcares0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrcares0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrcares0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:frr-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-devel-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-devel-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-devel-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:frr-devel-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrcares0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrcares0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrcares0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrcares0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
14 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2023-38406/ | self |
| https://www.suse.com/security/cve/CVE-2023-38407/ | self |
| https://www.suse.com/security/cve/CVE-2023-47234/ | self |
| https://www.suse.com/security/cve/CVE-2023-47235/ | self |
| https://www.suse.com/security/cve/CVE-2023-38406 | external |
| https://bugzilla.suse.com/1216900 | external |
| https://www.suse.com/security/cve/CVE-2023-38407 | external |
| https://bugzilla.suse.com/1216899 | external |
| https://www.suse.com/security/cve/CVE-2023-47234 | external |
| https://bugzilla.suse.com/1216897 | external |
| https://www.suse.com/security/cve/CVE-2023-47235 | external |
| https://bugzilla.suse.com/1216896 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "frr-8.4-8.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the frr-8.4-8.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13487",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13487-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-38406 page",
"url": "https://www.suse.com/security/cve/CVE-2023-38406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-38407 page",
"url": "https://www.suse.com/security/cve/CVE-2023-38407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-47234 page",
"url": "https://www.suse.com/security/cve/CVE-2023-47234/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-47235 page",
"url": "https://www.suse.com/security/cve/CVE-2023-47235/"
}
],
"title": "frr-8.4-8.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13487-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "frr-8.4-8.1.aarch64",
"product": {
"name": "frr-8.4-8.1.aarch64",
"product_id": "frr-8.4-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "frr-devel-8.4-8.1.aarch64",
"product": {
"name": "frr-devel-8.4-8.1.aarch64",
"product_id": "frr-devel-8.4-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfrr0-8.4-8.1.aarch64",
"product": {
"name": "libfrr0-8.4-8.1.aarch64",
"product_id": "libfrr0-8.4-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfrr_pb0-8.4-8.1.aarch64",
"product": {
"name": "libfrr_pb0-8.4-8.1.aarch64",
"product_id": "libfrr_pb0-8.4-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfrrcares0-8.4-8.1.aarch64",
"product": {
"name": "libfrrcares0-8.4-8.1.aarch64",
"product_id": "libfrrcares0-8.4-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfrrfpm_pb0-8.4-8.1.aarch64",
"product": {
"name": "libfrrfpm_pb0-8.4-8.1.aarch64",
"product_id": "libfrrfpm_pb0-8.4-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfrrospfapiclient0-8.4-8.1.aarch64",
"product": {
"name": "libfrrospfapiclient0-8.4-8.1.aarch64",
"product_id": "libfrrospfapiclient0-8.4-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfrrsnmp0-8.4-8.1.aarch64",
"product": {
"name": "libfrrsnmp0-8.4-8.1.aarch64",
"product_id": "libfrrsnmp0-8.4-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "libfrrzmq0-8.4-8.1.aarch64",
"product": {
"name": "libfrrzmq0-8.4-8.1.aarch64",
"product_id": "libfrrzmq0-8.4-8.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmlag_pb0-8.4-8.1.aarch64",
"product": {
"name": "libmlag_pb0-8.4-8.1.aarch64",
"product_id": "libmlag_pb0-8.4-8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-8.4-8.1.ppc64le",
"product": {
"name": "frr-8.4-8.1.ppc64le",
"product_id": "frr-8.4-8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "frr-devel-8.4-8.1.ppc64le",
"product": {
"name": "frr-devel-8.4-8.1.ppc64le",
"product_id": "frr-devel-8.4-8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfrr0-8.4-8.1.ppc64le",
"product": {
"name": "libfrr0-8.4-8.1.ppc64le",
"product_id": "libfrr0-8.4-8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfrr_pb0-8.4-8.1.ppc64le",
"product": {
"name": "libfrr_pb0-8.4-8.1.ppc64le",
"product_id": "libfrr_pb0-8.4-8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfrrcares0-8.4-8.1.ppc64le",
"product": {
"name": "libfrrcares0-8.4-8.1.ppc64le",
"product_id": "libfrrcares0-8.4-8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfrrfpm_pb0-8.4-8.1.ppc64le",
"product": {
"name": "libfrrfpm_pb0-8.4-8.1.ppc64le",
"product_id": "libfrrfpm_pb0-8.4-8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfrrospfapiclient0-8.4-8.1.ppc64le",
"product": {
"name": "libfrrospfapiclient0-8.4-8.1.ppc64le",
"product_id": "libfrrospfapiclient0-8.4-8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfrrsnmp0-8.4-8.1.ppc64le",
"product": {
"name": "libfrrsnmp0-8.4-8.1.ppc64le",
"product_id": "libfrrsnmp0-8.4-8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libfrrzmq0-8.4-8.1.ppc64le",
"product": {
"name": "libfrrzmq0-8.4-8.1.ppc64le",
"product_id": "libfrrzmq0-8.4-8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmlag_pb0-8.4-8.1.ppc64le",
"product": {
"name": "libmlag_pb0-8.4-8.1.ppc64le",
"product_id": "libmlag_pb0-8.4-8.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-8.4-8.1.s390x",
"product": {
"name": "frr-8.4-8.1.s390x",
"product_id": "frr-8.4-8.1.s390x"
}
},
{
"category": "product_version",
"name": "frr-devel-8.4-8.1.s390x",
"product": {
"name": "frr-devel-8.4-8.1.s390x",
"product_id": "frr-devel-8.4-8.1.s390x"
}
},
{
"category": "product_version",
"name": "libfrr0-8.4-8.1.s390x",
"product": {
"name": "libfrr0-8.4-8.1.s390x",
"product_id": "libfrr0-8.4-8.1.s390x"
}
},
{
"category": "product_version",
"name": "libfrr_pb0-8.4-8.1.s390x",
"product": {
"name": "libfrr_pb0-8.4-8.1.s390x",
"product_id": "libfrr_pb0-8.4-8.1.s390x"
}
},
{
"category": "product_version",
"name": "libfrrcares0-8.4-8.1.s390x",
"product": {
"name": "libfrrcares0-8.4-8.1.s390x",
"product_id": "libfrrcares0-8.4-8.1.s390x"
}
},
{
"category": "product_version",
"name": "libfrrfpm_pb0-8.4-8.1.s390x",
"product": {
"name": "libfrrfpm_pb0-8.4-8.1.s390x",
"product_id": "libfrrfpm_pb0-8.4-8.1.s390x"
}
},
{
"category": "product_version",
"name": "libfrrospfapiclient0-8.4-8.1.s390x",
"product": {
"name": "libfrrospfapiclient0-8.4-8.1.s390x",
"product_id": "libfrrospfapiclient0-8.4-8.1.s390x"
}
},
{
"category": "product_version",
"name": "libfrrsnmp0-8.4-8.1.s390x",
"product": {
"name": "libfrrsnmp0-8.4-8.1.s390x",
"product_id": "libfrrsnmp0-8.4-8.1.s390x"
}
},
{
"category": "product_version",
"name": "libfrrzmq0-8.4-8.1.s390x",
"product": {
"name": "libfrrzmq0-8.4-8.1.s390x",
"product_id": "libfrrzmq0-8.4-8.1.s390x"
}
},
{
"category": "product_version",
"name": "libmlag_pb0-8.4-8.1.s390x",
"product": {
"name": "libmlag_pb0-8.4-8.1.s390x",
"product_id": "libmlag_pb0-8.4-8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-8.4-8.1.x86_64",
"product": {
"name": "frr-8.4-8.1.x86_64",
"product_id": "frr-8.4-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "frr-devel-8.4-8.1.x86_64",
"product": {
"name": "frr-devel-8.4-8.1.x86_64",
"product_id": "frr-devel-8.4-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfrr0-8.4-8.1.x86_64",
"product": {
"name": "libfrr0-8.4-8.1.x86_64",
"product_id": "libfrr0-8.4-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfrr_pb0-8.4-8.1.x86_64",
"product": {
"name": "libfrr_pb0-8.4-8.1.x86_64",
"product_id": "libfrr_pb0-8.4-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfrrcares0-8.4-8.1.x86_64",
"product": {
"name": "libfrrcares0-8.4-8.1.x86_64",
"product_id": "libfrrcares0-8.4-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfrrfpm_pb0-8.4-8.1.x86_64",
"product": {
"name": "libfrrfpm_pb0-8.4-8.1.x86_64",
"product_id": "libfrrfpm_pb0-8.4-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfrrospfapiclient0-8.4-8.1.x86_64",
"product": {
"name": "libfrrospfapiclient0-8.4-8.1.x86_64",
"product_id": "libfrrospfapiclient0-8.4-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfrrsnmp0-8.4-8.1.x86_64",
"product": {
"name": "libfrrsnmp0-8.4-8.1.x86_64",
"product_id": "libfrrsnmp0-8.4-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfrrzmq0-8.4-8.1.x86_64",
"product": {
"name": "libfrrzmq0-8.4-8.1.x86_64",
"product_id": "libfrrzmq0-8.4-8.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmlag_pb0-8.4-8.1.x86_64",
"product": {
"name": "libmlag_pb0-8.4-8.1.x86_64",
"product_id": "libmlag_pb0-8.4-8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-8.4-8.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:frr-8.4-8.1.aarch64"
},
"product_reference": "frr-8.4-8.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-8.4-8.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:frr-8.4-8.1.ppc64le"
},
"product_reference": "frr-8.4-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-8.4-8.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:frr-8.4-8.1.s390x"
},
"product_reference": "frr-8.4-8.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-8.4-8.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:frr-8.4-8.1.x86_64"
},
"product_reference": "frr-8.4-8.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-devel-8.4-8.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:frr-devel-8.4-8.1.aarch64"
},
"product_reference": "frr-devel-8.4-8.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-devel-8.4-8.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:frr-devel-8.4-8.1.ppc64le"
},
"product_reference": "frr-devel-8.4-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-devel-8.4-8.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:frr-devel-8.4-8.1.s390x"
},
"product_reference": "frr-devel-8.4-8.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-devel-8.4-8.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:frr-devel-8.4-8.1.x86_64"
},
"product_reference": "frr-devel-8.4-8.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrr0-8.4-8.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrr0-8.4-8.1.aarch64"
},
"product_reference": "libfrr0-8.4-8.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrr0-8.4-8.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrr0-8.4-8.1.ppc64le"
},
"product_reference": "libfrr0-8.4-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrr0-8.4-8.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrr0-8.4-8.1.s390x"
},
"product_reference": "libfrr0-8.4-8.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrr0-8.4-8.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrr0-8.4-8.1.x86_64"
},
"product_reference": "libfrr0-8.4-8.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrr_pb0-8.4-8.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.aarch64"
},
"product_reference": "libfrr_pb0-8.4-8.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrr_pb0-8.4-8.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.ppc64le"
},
"product_reference": "libfrr_pb0-8.4-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrr_pb0-8.4-8.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.s390x"
},
"product_reference": "libfrr_pb0-8.4-8.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrr_pb0-8.4-8.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.x86_64"
},
"product_reference": "libfrr_pb0-8.4-8.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrcares0-8.4-8.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrcares0-8.4-8.1.aarch64"
},
"product_reference": "libfrrcares0-8.4-8.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrcares0-8.4-8.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrcares0-8.4-8.1.ppc64le"
},
"product_reference": "libfrrcares0-8.4-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrcares0-8.4-8.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrcares0-8.4-8.1.s390x"
},
"product_reference": "libfrrcares0-8.4-8.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrcares0-8.4-8.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrcares0-8.4-8.1.x86_64"
},
"product_reference": "libfrrcares0-8.4-8.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrfpm_pb0-8.4-8.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.aarch64"
},
"product_reference": "libfrrfpm_pb0-8.4-8.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrfpm_pb0-8.4-8.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.ppc64le"
},
"product_reference": "libfrrfpm_pb0-8.4-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrfpm_pb0-8.4-8.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.s390x"
},
"product_reference": "libfrrfpm_pb0-8.4-8.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrfpm_pb0-8.4-8.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.x86_64"
},
"product_reference": "libfrrfpm_pb0-8.4-8.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrospfapiclient0-8.4-8.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.aarch64"
},
"product_reference": "libfrrospfapiclient0-8.4-8.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrospfapiclient0-8.4-8.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.ppc64le"
},
"product_reference": "libfrrospfapiclient0-8.4-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrospfapiclient0-8.4-8.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.s390x"
},
"product_reference": "libfrrospfapiclient0-8.4-8.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrospfapiclient0-8.4-8.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.x86_64"
},
"product_reference": "libfrrospfapiclient0-8.4-8.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrsnmp0-8.4-8.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.aarch64"
},
"product_reference": "libfrrsnmp0-8.4-8.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrsnmp0-8.4-8.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.ppc64le"
},
"product_reference": "libfrrsnmp0-8.4-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrsnmp0-8.4-8.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.s390x"
},
"product_reference": "libfrrsnmp0-8.4-8.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrsnmp0-8.4-8.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.x86_64"
},
"product_reference": "libfrrsnmp0-8.4-8.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrzmq0-8.4-8.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.aarch64"
},
"product_reference": "libfrrzmq0-8.4-8.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrzmq0-8.4-8.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.ppc64le"
},
"product_reference": "libfrrzmq0-8.4-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrzmq0-8.4-8.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.s390x"
},
"product_reference": "libfrrzmq0-8.4-8.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfrrzmq0-8.4-8.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.x86_64"
},
"product_reference": "libfrrzmq0-8.4-8.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmlag_pb0-8.4-8.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.aarch64"
},
"product_reference": "libmlag_pb0-8.4-8.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmlag_pb0-8.4-8.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.ppc64le"
},
"product_reference": "libmlag_pb0-8.4-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmlag_pb0-8.4-8.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.s390x"
},
"product_reference": "libmlag_pb0-8.4-8.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmlag_pb0-8.4-8.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.x86_64"
},
"product_reference": "libmlag_pb0-8.4-8.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-38406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-38406"
}
],
"notes": [
{
"category": "general",
"text": "bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a \"flowspec overflow.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:frr-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-8.4-8.1.x86_64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-38406",
"url": "https://www.suse.com/security/cve/CVE-2023-38406"
},
{
"category": "external",
"summary": "SUSE Bug 1216900 for CVE-2023-38406",
"url": "https://bugzilla.suse.com/1216900"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:frr-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-8.4-8.1.x86_64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:frr-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-8.4-8.1.x86_64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-38406"
},
{
"cve": "CVE-2023-38407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-38407"
}
],
"notes": [
{
"category": "general",
"text": "bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:frr-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-8.4-8.1.x86_64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-38407",
"url": "https://www.suse.com/security/cve/CVE-2023-38407"
},
{
"category": "external",
"summary": "SUSE Bug 1216899 for CVE-2023-38407",
"url": "https://bugzilla.suse.com/1216899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:frr-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-8.4-8.1.x86_64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:frr-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-8.4-8.1.x86_64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-38407"
},
{
"cve": "CVE-2023-47234",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-47234"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:frr-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-8.4-8.1.x86_64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-47234",
"url": "https://www.suse.com/security/cve/CVE-2023-47234"
},
{
"category": "external",
"summary": "SUSE Bug 1216897 for CVE-2023-47234",
"url": "https://bugzilla.suse.com/1216897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:frr-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-8.4-8.1.x86_64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:frr-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-8.4-8.1.x86_64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-47234"
},
{
"cve": "CVE-2023-47235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-47235"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:frr-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-8.4-8.1.x86_64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-47235",
"url": "https://www.suse.com/security/cve/CVE-2023-47235"
},
{
"category": "external",
"summary": "SUSE Bug 1216896 for CVE-2023-47235",
"url": "https://bugzilla.suse.com/1216896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:frr-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-8.4-8.1.x86_64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:frr-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-8.4-8.1.x86_64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.aarch64",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.s390x",
"openSUSE Tumbleweed:frr-devel-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrr_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrcares0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrfpm_pb0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrospfapiclient0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrsnmp0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libfrrzmq0-8.4-8.1.x86_64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.aarch64",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.ppc64le",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.s390x",
"openSUSE Tumbleweed:libmlag_pb0-8.4-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-47235"
}
]
}
RHSA-2024:0130
Vulnerability from csaf_redhat - Published: 2024-01-10 11:33 - Updated: 2026-03-18 02:26Summary
Red Hat Security Advisory: frr security update
Severity
Moderate
Notes
Topic: An update for frr is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
Security Fix(es):
* ffr: Flowspec overflow in bgpd/bgp_flowspec.c (CVE-2023-38406)
* ffr: Out of bounds read in bgpd/bgp_label.c (CVE-2023-38407)
* frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message (CVE-2023-47234)
* frr: crash from malformed EOR-containing BGP UPDATE message (CVE-2023-47235)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in bgpd/bgp_flowspec.c in the FFrouting BGP protocol code. An overflow may occur while processing zero length NLRI messages.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
An out-of-bounds read flaw was found in FFrounting beyond the end of the stream during labeled unicast parsing. This issue may lead to application crash and denial of service.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in frr. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data that lacks mandatory path attributes.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
An issue was found in FRRouting FRR, where a crash may occur when processing a malformed BGP UPDATE message with an EOR.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
27 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:0130 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/documentation/en-us/red… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248207 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248208 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248526 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248528 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2023-38406 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248526 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-38406 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-38406 | external |
| https://github.com/FRRouting/frr/pull/12884 | external |
| https://access.redhat.com/security/cve/CVE-2023-38407 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248528 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-38407 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-38407 | external |
| https://github.com/FRRouting/frr/pull/12951 | external |
| https://github.com/FRRouting/frr/pull/12956 | external |
| https://access.redhat.com/security/cve/CVE-2023-47234 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248208 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-47234 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-47234 | external |
| https://access.redhat.com/security/cve/CVE-2023-47235 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248207 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-47235 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-47235 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for frr is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. \n\nSecurity Fix(es):\n\n* ffr: Flowspec overflow in bgpd/bgp_flowspec.c (CVE-2023-38406)\n\n* ffr: Out of bounds read in bgpd/bgp_label.c (CVE-2023-38407)\n\n* frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message (CVE-2023-47234)\n\n* frr: crash from malformed EOR-containing BGP UPDATE message (CVE-2023-47235)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0130",
"url": "https://access.redhat.com/errata/RHSA-2024:0130"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/index"
},
{
"category": "external",
"summary": "2248207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248207"
},
{
"category": "external",
"summary": "2248208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248208"
},
{
"category": "external",
"summary": "2248526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248526"
},
{
"category": "external",
"summary": "2248528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248528"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0130.json"
}
],
"title": "Red Hat Security Advisory: frr security update",
"tracking": {
"current_release_date": "2026-03-18T02:26:36+00:00",
"generator": {
"date": "2026-03-18T02:26:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2024:0130",
"initial_release_date": "2024-01-10T11:33:01+00:00",
"revision_history": [
{
"date": "2024-01-10T11:33:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-01-10T11:33:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:26:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-0:7.5.1-13.el8_9.3.src",
"product": {
"name": "frr-0:7.5.1-13.el8_9.3.src",
"product_id": "frr-0:7.5.1-13.el8_9.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr@7.5.1-13.el8_9.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-0:7.5.1-13.el8_9.3.aarch64",
"product": {
"name": "frr-0:7.5.1-13.el8_9.3.aarch64",
"product_id": "frr-0:7.5.1-13.el8_9.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr@7.5.1-13.el8_9.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"product": {
"name": "frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"product_id": "frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debugsource@7.5.1-13.el8_9.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"product": {
"name": "frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"product_id": "frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debuginfo@7.5.1-13.el8_9.3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-0:7.5.1-13.el8_9.3.ppc64le",
"product": {
"name": "frr-0:7.5.1-13.el8_9.3.ppc64le",
"product_id": "frr-0:7.5.1-13.el8_9.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr@7.5.1-13.el8_9.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"product": {
"name": "frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"product_id": "frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debugsource@7.5.1-13.el8_9.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"product": {
"name": "frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"product_id": "frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debuginfo@7.5.1-13.el8_9.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-0:7.5.1-13.el8_9.3.x86_64",
"product": {
"name": "frr-0:7.5.1-13.el8_9.3.x86_64",
"product_id": "frr-0:7.5.1-13.el8_9.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr@7.5.1-13.el8_9.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"product": {
"name": "frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"product_id": "frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debugsource@7.5.1-13.el8_9.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"product": {
"name": "frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"product_id": "frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debuginfo@7.5.1-13.el8_9.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-0:7.5.1-13.el8_9.3.s390x",
"product": {
"name": "frr-0:7.5.1-13.el8_9.3.s390x",
"product_id": "frr-0:7.5.1-13.el8_9.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr@7.5.1-13.el8_9.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"product": {
"name": "frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"product_id": "frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debugsource@7.5.1-13.el8_9.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"product": {
"name": "frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"product_id": "frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debuginfo@7.5.1-13.el8_9.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-selinux-0:7.5.1-13.el8_9.3.noarch",
"product": {
"name": "frr-selinux-0:7.5.1-13.el8_9.3.noarch",
"product_id": "frr-selinux-0:7.5.1-13.el8_9.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-selinux@7.5.1-13.el8_9.3?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-0:7.5.1-13.el8_9.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64"
},
"product_reference": "frr-0:7.5.1-13.el8_9.3.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-0:7.5.1-13.el8_9.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le"
},
"product_reference": "frr-0:7.5.1-13.el8_9.3.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-0:7.5.1-13.el8_9.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x"
},
"product_reference": "frr-0:7.5.1-13.el8_9.3.s390x",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-0:7.5.1-13.el8_9.3.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src"
},
"product_reference": "frr-0:7.5.1-13.el8_9.3.src",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-0:7.5.1-13.el8_9.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64"
},
"product_reference": "frr-0:7.5.1-13.el8_9.3.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64"
},
"product_reference": "frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le"
},
"product_reference": "frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debuginfo-0:7.5.1-13.el8_9.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x"
},
"product_reference": "frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64"
},
"product_reference": "frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debugsource-0:7.5.1-13.el8_9.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64"
},
"product_reference": "frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le"
},
"product_reference": "frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debugsource-0:7.5.1-13.el8_9.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x"
},
"product_reference": "frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debugsource-0:7.5.1-13.el8_9.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64"
},
"product_reference": "frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-selinux-0:7.5.1-13.el8_9.3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch"
},
"product_reference": "frr-selinux-0:7.5.1-13.el8_9.3.noarch",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-38406",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2023-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248526"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in bgpd/bgp_flowspec.c in the FFrouting BGP protocol code. An overflow may occur while processing zero length NLRI messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ffr: Flowspec overflow in bgpd/bgp_flowspec.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform does not ship its own version of the frr package, instead using the version from the underlying Red Hat Enterprise Linux. RHOSP is marked as Not Affected as no changes need to be made by the OpenStack engineering team. System administrators of OpenStack deployments should apply updates once available in RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-38406"
},
{
"category": "external",
"summary": "RHBZ#2248526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-38406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-38406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38406"
},
{
"category": "external",
"summary": "https://github.com/FRRouting/frr/pull/12884",
"url": "https://github.com/FRRouting/frr/pull/12884"
}
],
"release_date": "2023-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:33:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0130"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ffr: Flowspec overflow in bgpd/bgp_flowspec.c"
},
{
"cve": "CVE-2023-38407",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2023-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248528"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read flaw was found in FFrounting beyond the end of the stream during labeled unicast parsing. This issue may lead to application crash and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ffr: Out of bounds read in bgpd/bgp_label.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform does not ship its own version of the frr package, instead using the version from the underlying Red Hat Enterprise Linux. RHOSP is marked as Not Affected as no changes need to be made by the OpenStack engineering team. System administrators of OpenStack deployments should apply updates once available in RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-38407"
},
{
"category": "external",
"summary": "RHBZ#2248528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-38407",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-38407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38407"
},
{
"category": "external",
"summary": "https://github.com/FRRouting/frr/pull/12951",
"url": "https://github.com/FRRouting/frr/pull/12951"
},
{
"category": "external",
"summary": "https://github.com/FRRouting/frr/pull/12956",
"url": "https://github.com/FRRouting/frr/pull/12956"
}
],
"release_date": "2023-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:33:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0130"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ffr: Out of bounds read in bgpd/bgp_label.c"
},
{
"cve": "CVE-2023-47234",
"discovery_date": "2023-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248208"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in frr. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data that lacks mandatory path attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform does not ship its own version of the frr package, instead using the version from the underlying Red Hat Enterprise Linux. RHOSP is marked as Not Affected as no changes need to be made by the OpenStack engineering team. System administrators of OpenStack deployments should apply updates once available in RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-47234"
},
{
"category": "external",
"summary": "RHBZ#2248208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248208"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-47234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-47234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47234"
}
],
"release_date": "2023-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:33:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0130"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message"
},
{
"cve": "CVE-2023-47235",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248207"
}
],
"notes": [
{
"category": "description",
"text": "An issue was found in FRRouting FRR, where a crash may occur when processing a malformed BGP UPDATE message with an EOR.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "frr: crash from malformed EOR-containing BGP UPDATE message",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A moderate severity issue has been identified in FRRouting FRR, where a crash may occur when processing a malformed BGP UPDATE message with an EOR. It\u0027s important to note that Red Hat OpenStack Platform (RHOSP) is not directly affected, as it utilises the version from the underlying Red Hat Enterprise Linux and is marked as Not Affected, with no changes required by the OpenStack engineering team. However, system administrators of OpenStack deployments are advised to apply updates once available in RHEL to mitigate potential risks. Additionally, this flaw is discovered through fuzzing, where, in normal cases, such packets cannot exist.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-47235"
},
{
"category": "external",
"summary": "RHBZ#2248207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-47235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-47235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47235"
}
],
"release_date": "2023-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T11:33:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0130"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.src",
"AppStream-8.9.0.Z.MAIN:frr-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debuginfo-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.aarch64",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.ppc64le",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.s390x",
"AppStream-8.9.0.Z.MAIN:frr-debugsource-0:7.5.1-13.el8_9.3.x86_64",
"AppStream-8.9.0.Z.MAIN:frr-selinux-0:7.5.1-13.el8_9.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "frr: crash from malformed EOR-containing BGP UPDATE message"
}
]
}
RHSA-2024:0477
Vulnerability from csaf_redhat - Published: 2024-01-25 10:51 - Updated: 2026-03-18 02:31Summary
Red Hat Security Advisory: frr security update
Severity
Moderate
Notes
Topic: An update for frr is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
Security Fix(es):
* ffr: Flowspec overflow in bgpd/bgp_flowspec.c (CVE-2023-38406)
* ffr: Out of bounds read in bgpd/bgp_label.c (CVE-2023-38407)
* frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message (CVE-2023-47234)
* frr: crash from malformed EOR-containing BGP UPDATE message (CVE-2023-47235)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in bgpd/bgp_flowspec.c in the FFrouting BGP protocol code. An overflow may occur while processing zero length NLRI messages.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
An out-of-bounds read flaw was found in FFrounting beyond the end of the stream during labeled unicast parsing. This issue may lead to application crash and denial of service.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in frr. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data that lacks mandatory path attributes.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
An issue was found in FRRouting FRR, where a crash may occur when processing a malformed BGP UPDATE message with an EOR.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
26 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:0477 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248207 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248208 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248526 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248528 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2023-38406 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248526 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-38406 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-38406 | external |
| https://github.com/FRRouting/frr/pull/12884 | external |
| https://access.redhat.com/security/cve/CVE-2023-38407 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248528 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-38407 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-38407 | external |
| https://github.com/FRRouting/frr/pull/12951 | external |
| https://github.com/FRRouting/frr/pull/12956 | external |
| https://access.redhat.com/security/cve/CVE-2023-47234 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248208 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-47234 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-47234 | external |
| https://access.redhat.com/security/cve/CVE-2023-47235 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248207 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-47235 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-47235 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for frr is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. \n\nSecurity Fix(es):\n\n* ffr: Flowspec overflow in bgpd/bgp_flowspec.c (CVE-2023-38406)\n\n* ffr: Out of bounds read in bgpd/bgp_label.c (CVE-2023-38407)\n\n* frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message (CVE-2023-47234)\n\n* frr: crash from malformed EOR-containing BGP UPDATE message (CVE-2023-47235)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0477",
"url": "https://access.redhat.com/errata/RHSA-2024:0477"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2248207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248207"
},
{
"category": "external",
"summary": "2248208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248208"
},
{
"category": "external",
"summary": "2248526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248526"
},
{
"category": "external",
"summary": "2248528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248528"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0477.json"
}
],
"title": "Red Hat Security Advisory: frr security update",
"tracking": {
"current_release_date": "2026-03-18T02:31:26+00:00",
"generator": {
"date": "2026-03-18T02:31:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2024:0477",
"initial_release_date": "2024-01-25T10:51:39+00:00",
"revision_history": [
{
"date": "2024-01-25T10:51:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-01-25T10:51:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:31:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-0:8.3.1-11.el9_3.2.src",
"product": {
"name": "frr-0:8.3.1-11.el9_3.2.src",
"product_id": "frr-0:8.3.1-11.el9_3.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr@8.3.1-11.el9_3.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-0:8.3.1-11.el9_3.2.aarch64",
"product": {
"name": "frr-0:8.3.1-11.el9_3.2.aarch64",
"product_id": "frr-0:8.3.1-11.el9_3.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr@8.3.1-11.el9_3.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"product": {
"name": "frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"product_id": "frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debugsource@8.3.1-11.el9_3.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"product": {
"name": "frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"product_id": "frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debuginfo@8.3.1-11.el9_3.2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-0:8.3.1-11.el9_3.2.ppc64le",
"product": {
"name": "frr-0:8.3.1-11.el9_3.2.ppc64le",
"product_id": "frr-0:8.3.1-11.el9_3.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr@8.3.1-11.el9_3.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"product": {
"name": "frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"product_id": "frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debugsource@8.3.1-11.el9_3.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"product": {
"name": "frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"product_id": "frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debuginfo@8.3.1-11.el9_3.2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-0:8.3.1-11.el9_3.2.x86_64",
"product": {
"name": "frr-0:8.3.1-11.el9_3.2.x86_64",
"product_id": "frr-0:8.3.1-11.el9_3.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr@8.3.1-11.el9_3.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"product": {
"name": "frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"product_id": "frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debugsource@8.3.1-11.el9_3.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"product": {
"name": "frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"product_id": "frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debuginfo@8.3.1-11.el9_3.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-0:8.3.1-11.el9_3.2.s390x",
"product": {
"name": "frr-0:8.3.1-11.el9_3.2.s390x",
"product_id": "frr-0:8.3.1-11.el9_3.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr@8.3.1-11.el9_3.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"product": {
"name": "frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"product_id": "frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debugsource@8.3.1-11.el9_3.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"product": {
"name": "frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"product_id": "frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debuginfo@8.3.1-11.el9_3.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-selinux-0:8.3.1-11.el9_3.2.noarch",
"product": {
"name": "frr-selinux-0:8.3.1-11.el9_3.2.noarch",
"product_id": "frr-selinux-0:8.3.1-11.el9_3.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-selinux@8.3.1-11.el9_3.2?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-0:8.3.1-11.el9_3.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64"
},
"product_reference": "frr-0:8.3.1-11.el9_3.2.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-0:8.3.1-11.el9_3.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le"
},
"product_reference": "frr-0:8.3.1-11.el9_3.2.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-0:8.3.1-11.el9_3.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x"
},
"product_reference": "frr-0:8.3.1-11.el9_3.2.s390x",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-0:8.3.1-11.el9_3.2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src"
},
"product_reference": "frr-0:8.3.1-11.el9_3.2.src",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-0:8.3.1-11.el9_3.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64"
},
"product_reference": "frr-0:8.3.1-11.el9_3.2.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64"
},
"product_reference": "frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le"
},
"product_reference": "frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debuginfo-0:8.3.1-11.el9_3.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x"
},
"product_reference": "frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64"
},
"product_reference": "frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debugsource-0:8.3.1-11.el9_3.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64"
},
"product_reference": "frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le"
},
"product_reference": "frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debugsource-0:8.3.1-11.el9_3.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x"
},
"product_reference": "frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debugsource-0:8.3.1-11.el9_3.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64"
},
"product_reference": "frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-selinux-0:8.3.1-11.el9_3.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch"
},
"product_reference": "frr-selinux-0:8.3.1-11.el9_3.2.noarch",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-38406",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2023-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248526"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in bgpd/bgp_flowspec.c in the FFrouting BGP protocol code. An overflow may occur while processing zero length NLRI messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ffr: Flowspec overflow in bgpd/bgp_flowspec.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform does not ship its own version of the frr package, instead using the version from the underlying Red Hat Enterprise Linux. RHOSP is marked as Not Affected as no changes need to be made by the OpenStack engineering team. System administrators of OpenStack deployments should apply updates once available in RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-38406"
},
{
"category": "external",
"summary": "RHBZ#2248526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-38406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-38406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38406"
},
{
"category": "external",
"summary": "https://github.com/FRRouting/frr/pull/12884",
"url": "https://github.com/FRRouting/frr/pull/12884"
}
],
"release_date": "2023-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:51:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0477"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ffr: Flowspec overflow in bgpd/bgp_flowspec.c"
},
{
"cve": "CVE-2023-38407",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2023-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248528"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read flaw was found in FFrounting beyond the end of the stream during labeled unicast parsing. This issue may lead to application crash and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ffr: Out of bounds read in bgpd/bgp_label.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform does not ship its own version of the frr package, instead using the version from the underlying Red Hat Enterprise Linux. RHOSP is marked as Not Affected as no changes need to be made by the OpenStack engineering team. System administrators of OpenStack deployments should apply updates once available in RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-38407"
},
{
"category": "external",
"summary": "RHBZ#2248528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-38407",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-38407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38407"
},
{
"category": "external",
"summary": "https://github.com/FRRouting/frr/pull/12951",
"url": "https://github.com/FRRouting/frr/pull/12951"
},
{
"category": "external",
"summary": "https://github.com/FRRouting/frr/pull/12956",
"url": "https://github.com/FRRouting/frr/pull/12956"
}
],
"release_date": "2023-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:51:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0477"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ffr: Out of bounds read in bgpd/bgp_label.c"
},
{
"cve": "CVE-2023-47234",
"discovery_date": "2023-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248208"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in frr. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data that lacks mandatory path attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform does not ship its own version of the frr package, instead using the version from the underlying Red Hat Enterprise Linux. RHOSP is marked as Not Affected as no changes need to be made by the OpenStack engineering team. System administrators of OpenStack deployments should apply updates once available in RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-47234"
},
{
"category": "external",
"summary": "RHBZ#2248208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248208"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-47234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-47234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47234"
}
],
"release_date": "2023-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:51:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0477"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message"
},
{
"cve": "CVE-2023-47235",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248207"
}
],
"notes": [
{
"category": "description",
"text": "An issue was found in FRRouting FRR, where a crash may occur when processing a malformed BGP UPDATE message with an EOR.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "frr: crash from malformed EOR-containing BGP UPDATE message",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A moderate severity issue has been identified in FRRouting FRR, where a crash may occur when processing a malformed BGP UPDATE message with an EOR. It\u0027s important to note that Red Hat OpenStack Platform (RHOSP) is not directly affected, as it utilises the version from the underlying Red Hat Enterprise Linux and is marked as Not Affected, with no changes required by the OpenStack engineering team. However, system administrators of OpenStack deployments are advised to apply updates once available in RHEL to mitigate potential risks. Additionally, this flaw is discovered through fuzzing, where, in normal cases, such packets cannot exist.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-47235"
},
{
"category": "external",
"summary": "RHBZ#2248207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-47235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-47235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47235"
}
],
"release_date": "2023-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-25T10:51:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0477"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:frr-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debuginfo-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:frr-debugsource-0:8.3.1-11.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:frr-selinux-0:8.3.1-11.el9_3.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "frr: crash from malformed EOR-containing BGP UPDATE message"
}
]
}
RHSA-2024:0574
Vulnerability from csaf_redhat - Published: 2024-01-30 13:24 - Updated: 2026-03-18 02:33Summary
Red Hat Security Advisory: frr security update
Severity
Moderate
Notes
Topic: An update for frr is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
Security Fix(es):
* ffr: Flowspec overflow in bgpd/bgp_flowspec.c (CVE-2023-38406)
* ffr: Out of bounds read in bgpd/bgp_label.c (CVE-2023-38407)
* frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message (CVE-2023-47234)
* frr: crash from malformed EOR-containing BGP UPDATE message (CVE-2023-47235)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in bgpd/bgp_flowspec.c in the FFrouting BGP protocol code. An overflow may occur while processing zero length NLRI messages.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
An out-of-bounds read flaw was found in FFrounting beyond the end of the stream during labeled unicast parsing. This issue may lead to application crash and denial of service.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in frr. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data that lacks mandatory path attributes.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
An issue was found in FRRouting FRR, where a crash may occur when processing a malformed BGP UPDATE message with an EOR.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
26 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:0574 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248207 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248208 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248526 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248528 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2023-38406 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248526 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-38406 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-38406 | external |
| https://github.com/FRRouting/frr/pull/12884 | external |
| https://access.redhat.com/security/cve/CVE-2023-38407 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248528 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-38407 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-38407 | external |
| https://github.com/FRRouting/frr/pull/12951 | external |
| https://github.com/FRRouting/frr/pull/12956 | external |
| https://access.redhat.com/security/cve/CVE-2023-47234 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248208 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-47234 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-47234 | external |
| https://access.redhat.com/security/cve/CVE-2023-47235 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248207 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-47235 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-47235 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for frr is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. \n\nSecurity Fix(es):\n\n* ffr: Flowspec overflow in bgpd/bgp_flowspec.c (CVE-2023-38406)\n\n* ffr: Out of bounds read in bgpd/bgp_label.c (CVE-2023-38407)\n\n* frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message (CVE-2023-47234)\n\n* frr: crash from malformed EOR-containing BGP UPDATE message (CVE-2023-47235)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0574",
"url": "https://access.redhat.com/errata/RHSA-2024:0574"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2248207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248207"
},
{
"category": "external",
"summary": "2248208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248208"
},
{
"category": "external",
"summary": "2248526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248526"
},
{
"category": "external",
"summary": "2248528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248528"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0574.json"
}
],
"title": "Red Hat Security Advisory: frr security update",
"tracking": {
"current_release_date": "2026-03-18T02:33:03+00:00",
"generator": {
"date": "2026-03-18T02:33:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2024:0574",
"initial_release_date": "2024-01-30T13:24:13+00:00",
"revision_history": [
{
"date": "2024-01-30T13:24:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-01-30T13:24:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:33:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-0:7.5.1-7.el8_8.5.src",
"product": {
"name": "frr-0:7.5.1-7.el8_8.5.src",
"product_id": "frr-0:7.5.1-7.el8_8.5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr@7.5.1-7.el8_8.5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-0:7.5.1-7.el8_8.5.aarch64",
"product": {
"name": "frr-0:7.5.1-7.el8_8.5.aarch64",
"product_id": "frr-0:7.5.1-7.el8_8.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr@7.5.1-7.el8_8.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"product": {
"name": "frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"product_id": "frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debugsource@7.5.1-7.el8_8.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"product": {
"name": "frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"product_id": "frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debuginfo@7.5.1-7.el8_8.5?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-0:7.5.1-7.el8_8.5.ppc64le",
"product": {
"name": "frr-0:7.5.1-7.el8_8.5.ppc64le",
"product_id": "frr-0:7.5.1-7.el8_8.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr@7.5.1-7.el8_8.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"product": {
"name": "frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"product_id": "frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debugsource@7.5.1-7.el8_8.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"product": {
"name": "frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"product_id": "frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debuginfo@7.5.1-7.el8_8.5?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-0:7.5.1-7.el8_8.5.x86_64",
"product": {
"name": "frr-0:7.5.1-7.el8_8.5.x86_64",
"product_id": "frr-0:7.5.1-7.el8_8.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr@7.5.1-7.el8_8.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"product": {
"name": "frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"product_id": "frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debugsource@7.5.1-7.el8_8.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"product": {
"name": "frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"product_id": "frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debuginfo@7.5.1-7.el8_8.5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-0:7.5.1-7.el8_8.5.s390x",
"product": {
"name": "frr-0:7.5.1-7.el8_8.5.s390x",
"product_id": "frr-0:7.5.1-7.el8_8.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr@7.5.1-7.el8_8.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"product": {
"name": "frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"product_id": "frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debugsource@7.5.1-7.el8_8.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"product": {
"name": "frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"product_id": "frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-debuginfo@7.5.1-7.el8_8.5?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "frr-selinux-0:7.5.1-7.el8_8.5.noarch",
"product": {
"name": "frr-selinux-0:7.5.1-7.el8_8.5.noarch",
"product_id": "frr-selinux-0:7.5.1-7.el8_8.5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/frr-selinux@7.5.1-7.el8_8.5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-0:7.5.1-7.el8_8.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64"
},
"product_reference": "frr-0:7.5.1-7.el8_8.5.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-0:7.5.1-7.el8_8.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le"
},
"product_reference": "frr-0:7.5.1-7.el8_8.5.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-0:7.5.1-7.el8_8.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x"
},
"product_reference": "frr-0:7.5.1-7.el8_8.5.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-0:7.5.1-7.el8_8.5.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src"
},
"product_reference": "frr-0:7.5.1-7.el8_8.5.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-0:7.5.1-7.el8_8.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64"
},
"product_reference": "frr-0:7.5.1-7.el8_8.5.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64"
},
"product_reference": "frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le"
},
"product_reference": "frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debuginfo-0:7.5.1-7.el8_8.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x"
},
"product_reference": "frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64"
},
"product_reference": "frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debugsource-0:7.5.1-7.el8_8.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64"
},
"product_reference": "frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le"
},
"product_reference": "frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debugsource-0:7.5.1-7.el8_8.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x"
},
"product_reference": "frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-debugsource-0:7.5.1-7.el8_8.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64"
},
"product_reference": "frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "frr-selinux-0:7.5.1-7.el8_8.5.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch"
},
"product_reference": "frr-selinux-0:7.5.1-7.el8_8.5.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-38406",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2023-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248526"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in bgpd/bgp_flowspec.c in the FFrouting BGP protocol code. An overflow may occur while processing zero length NLRI messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ffr: Flowspec overflow in bgpd/bgp_flowspec.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform does not ship its own version of the frr package, instead using the version from the underlying Red Hat Enterprise Linux. RHOSP is marked as Not Affected as no changes need to be made by the OpenStack engineering team. System administrators of OpenStack deployments should apply updates once available in RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-38406"
},
{
"category": "external",
"summary": "RHBZ#2248526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-38406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-38406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38406"
},
{
"category": "external",
"summary": "https://github.com/FRRouting/frr/pull/12884",
"url": "https://github.com/FRRouting/frr/pull/12884"
}
],
"release_date": "2023-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-30T13:24:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ffr: Flowspec overflow in bgpd/bgp_flowspec.c"
},
{
"cve": "CVE-2023-38407",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2023-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248528"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read flaw was found in FFrounting beyond the end of the stream during labeled unicast parsing. This issue may lead to application crash and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ffr: Out of bounds read in bgpd/bgp_label.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform does not ship its own version of the frr package, instead using the version from the underlying Red Hat Enterprise Linux. RHOSP is marked as Not Affected as no changes need to be made by the OpenStack engineering team. System administrators of OpenStack deployments should apply updates once available in RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-38407"
},
{
"category": "external",
"summary": "RHBZ#2248528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-38407",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-38407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38407"
},
{
"category": "external",
"summary": "https://github.com/FRRouting/frr/pull/12951",
"url": "https://github.com/FRRouting/frr/pull/12951"
},
{
"category": "external",
"summary": "https://github.com/FRRouting/frr/pull/12956",
"url": "https://github.com/FRRouting/frr/pull/12956"
}
],
"release_date": "2023-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-30T13:24:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ffr: Out of bounds read in bgpd/bgp_label.c"
},
{
"cve": "CVE-2023-47234",
"discovery_date": "2023-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248208"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in frr. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data that lacks mandatory path attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform does not ship its own version of the frr package, instead using the version from the underlying Red Hat Enterprise Linux. RHOSP is marked as Not Affected as no changes need to be made by the OpenStack engineering team. System administrators of OpenStack deployments should apply updates once available in RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-47234"
},
{
"category": "external",
"summary": "RHBZ#2248208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248208"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-47234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-47234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47234"
}
],
"release_date": "2023-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-30T13:24:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message"
},
{
"cve": "CVE-2023-47235",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248207"
}
],
"notes": [
{
"category": "description",
"text": "An issue was found in FRRouting FRR, where a crash may occur when processing a malformed BGP UPDATE message with an EOR.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "frr: crash from malformed EOR-containing BGP UPDATE message",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A moderate severity issue has been identified in FRRouting FRR, where a crash may occur when processing a malformed BGP UPDATE message with an EOR. It\u0027s important to note that Red Hat OpenStack Platform (RHOSP) is not directly affected, as it utilises the version from the underlying Red Hat Enterprise Linux and is marked as Not Affected, with no changes required by the OpenStack engineering team. However, system administrators of OpenStack deployments are advised to apply updates once available in RHEL to mitigate potential risks. Additionally, this flaw is discovered through fuzzing, where, in normal cases, such packets cannot exist.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-47235"
},
{
"category": "external",
"summary": "RHBZ#2248207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-47235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-47235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47235"
}
],
"release_date": "2023-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-30T13:24:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.src",
"AppStream-8.8.0.Z.EUS:frr-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debuginfo-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.aarch64",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.ppc64le",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.s390x",
"AppStream-8.8.0.Z.EUS:frr-debugsource-0:7.5.1-7.el8_8.5.x86_64",
"AppStream-8.8.0.Z.EUS:frr-selinux-0:7.5.1-7.el8_8.5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "frr: crash from malformed EOR-containing BGP UPDATE message"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…