CVE-2023-41361: bgpd: Check the length of the rcv software version by ton31337 · Pull Request #14241 · FRRouting/frr

An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.



Merged

donaldsharp merged 1 commit into FRRouting:master from opensourcerouting:fix/software_version_capability_handling_len

Aug 21, 2023

bgpd: Check the length of the rcv software version #14241
+11 −1


Conversation

ton31337 (Member) commented Aug 20, 2023

Make sure we don’t exceed the maximum of BGP_MAX_SOFT_VERSION.

The Capability Length SHOULD be no greater than 64.

Reported-by: Iggy Frankovic [email protected]
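An added illustration (not FRR's code and not the diff of this PR) of the check the description calls for: a minimal parser for a received Software Version capability value that reads the length octet and rejects it before copying whenever it exceeds BGP_MAX_SOFT_VERSION (64, the bound the PR states). The one-octet-length-plus-text layout, the function name and the result-code names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Upper bound named in the PR: the capability length SHOULD be <= 64. */
#define BGP_MAX_SOFT_VERSION 64

/* Result codes for this constructed parser (hypothetical names, not FRR's). */
enum sv_result { SV_OK = 0, SV_TRUNCATED = -1, SV_TOO_LONG = -2 };

/*
 * Parse a received Software Version capability value, assumed here to be
 * one length octet followed by that many bytes of version text.
 * buf/buflen: the capability value as received from the peer;
 * out: fixed-size destination that receives a NUL-terminated copy.
 */
int parse_software_version(const uint8_t *buf, size_t buflen,
                           char out[BGP_MAX_SOFT_VERSION + 1])
{
    if (buflen < 1)
        return SV_TRUNCATED;          /* no length octet at all */

    uint8_t len = buf[0];

    /* The check this PR adds: the declared length is peer-supplied, so it
     * must be bounded by the destination size before any copy happens. */
    if (len > BGP_MAX_SOFT_VERSION)
        return SV_TOO_LONG;

    /* Independently, the declared length must fit inside the capability. */
    if ((size_t)len > buflen - 1)
        return SV_TRUNCATED;

    memcpy(out, buf + 1, len);
    out[len] = '\0';
    return SV_OK;
}

int main(void)
{
    /* Constructed sample: a declared length of 200 aimed at a 65-byte buffer. */
    uint8_t oversized[1 + 200];
    memset(oversized, 'A', sizeof oversized);
    oversized[0] = 200;

    char out[BGP_MAX_SOFT_VERSION + 1];
    int rc = parse_software_version(oversized, sizeof oversized, out);
    printf("oversized capability: rc=%d (expected %d)\n", rc, SV_TOO_LONG);
    return rc == SV_TOO_LONG ? 0 : 1;
}
```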

frrbot bot added the bgp label

Aug 20, 2023

github-actions bot added master size/XS labels

Aug 20, 2023

ton31337 force-pushed the fix/software_version_capability_handling_len branch from 4ab7b68 to 5e3a269 on August 20, 2023 18:47

github-actions bot added size/S and removed size/XS labels

Aug 20, 2023

b4d09af bgpd: Check the length of the rcv software version

Make sure we don’t exceed the maximum of BGP_MAX_SOFT_VERSION.

The Capability Length SHOULD be no greater than 64.

Reported-by: Iggy Frankovic [email protected]
Signed-off-by: Donatas Abraitis [email protected]

ton31337 force-pushed the fix/software_version_capability_handling_len branch from 5e3a269 to b4d09af on August 20, 2023 18:48

ton31337 (Member, Author) commented Aug 20, 2023

@Mergifyio backport stable/9.0

mergify bot commented Aug 20, 2023 (edited)

backport stable/9.0

✅ Backports have been created

  • #14250 bgpd: Check the length of the rcv software version (backport #14241) has been created for branch stable/9.0

github-actions bot added the backport label

Aug 20, 2023

NetDEF-CI (Collaborator) commented Aug 20, 2023 (edited)

Continuous Integration Result: FAILED

Test incomplete. See below for issues.
CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13678/

This is a comment from an automated CI system.
For questions and feedback in regards to this CI system, please feel free to email
Martin Winter - mwinter (at) opensourcerouting.org.

Get source / Pull Request: Successful
Building Stage: Successful
Basic Tests: Incomplete
Addresssanitizer topotests part 4: Incomplete (check logs for details)
Successful on other platforms/tests


NetDEF-CI (Collaborator) commented Aug 20, 2023 (edited)

Continuous Integration Result: FAILED

Test incomplete. See below for issues.
CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13679/

This is a comment from an automated CI system.
For questions and feedback in regards to this CI system, please feel free to email
Martin Winter - mwinter (at) opensourcerouting.org.

Get source / Pull Request: Successful
Building Stage: Successful
Basic Tests: Incomplete
Addresssanitizer topotests part 4: Incomplete (check logs for details)
Successful on other platforms/tests


NetDEF-CI (Collaborator) commented Aug 20, 2023 (edited)

Continuous Integration Result: FAILED

Test incomplete. See below for issues.
CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13680/

This is a comment from an automated CI system.
For questions and feedback in regards to this CI system, please feel free to email
Martin Winter - mwinter (at) opensourcerouting.org.

Get source / Pull Request: Successful
Building Stage: Successful
Basic Tests: Incomplete
Addresssanitizer topotests part 4: Incomplete (check logs for details)

Topotests Ubuntu 18.04 i386 part 3: Failed (click for details)
Topology Test Results are at https://ci1.netdef.org/browse/FRR-PULLREQ2-TOPO3U18I386-13680/test
Topology Tests failed for Topotests Ubuntu 18.04 i386 part 3
see full log at https://ci1.netdef.org/browse/FRR-PULLREQ2-13680/artifact/TOPO3U18I386/TopotestLogs/log_topotests.txt
Topotests Ubuntu 18.04 i386 part 3: Unknown Log URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13680/artifact/TOPO3U18I386/TopotestDetails/

Topotests Ubuntu 18.04 i386 part 9: Failed (click for details)
Topology Test Results are at https://ci1.netdef.org/browse/FRR-PULLREQ2-TOPO9U18I386-13680/test
Topology Tests failed for Topotests Ubuntu 18.04 i386 part 9
see full log at https://ci1.netdef.org/browse/FRR-PULLREQ2-13680/artifact/TOPO9U18I386/TopotestLogs/log_topotests.txt
Topotests Ubuntu 18.04 i386 part 9: Unknown Log URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13680/artifact/TOPO9U18I386/TopotestDetails/

Successful on other platforms/tests


NetDEF-CI (Collaborator) commented Aug 21, 2023

Continuous Integration Result: SUCCESSFUL

Congratulations, this patch passed basic tests

Tested-by: NetDEF / OpenSourceRouting.org CI System

CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13680/

This is a comment from an automated CI system.
For questions and feedback in regards to this CI system, please feel free to email
Martin Winter - mwinter (at) opensourcerouting.org.

donaldsharp merged commit ff4c767 into FRRouting:master

Aug 21, 2023

6 checks passed

mergify bot mentioned this pull request

Aug 21, 2023

bgpd: Check the length of the rcv software version (backport #14241) #14250

Merged

ton31337 deleted the fix/software_version_capability_handling_len branch

August 21, 2023 13:53

donaldsharp added a commit that referenced this pull request on Aug 21, 2023

d8238e9 Merge pull request #14250 from FRRouting/mergify/bp/stable/9.0/pr-14241

bgpd: Check the length of the rcv software version (backport #14241)
