Headline
CVE-2023-41909: Limit scope by donaldsharp · Pull Request #13222 · FRRouting/frr
An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.
Skip to content
Actions
Automate any workflow
Packages
Host and manage packages
Security
Find and fix vulnerabilities
Codespaces
Instant dev environments
Copilot
Write better code with AI
Code review
Manage code changes
Issues
Plan and track work
Discussions
Collaborate outside of code
GitHub Sponsors
Fund open source developers
* The ReadME Project
GitHub community articles
- Pricing
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bgpd: Limit flowspec to no attribute means a implicit withdrawal
All other parsing functions done from bgp_nlri_parse() assume no attributes == an implicit withdrawal. Let’s move bgp_nlri_parse_flowspec() into the same alignment.
Reported-by: Matteo Memelli [email protected] Signed-off-by: Donald Sharp [email protected]
- Loading branch information