Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-41359: bgpd: Make sure we have enough data to read two bytes when validating AIGP by ton31337 · Pull Request #14232 · FRRouting/frr

An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.

CVE
Open in Source
#amazon#ubuntu#debian#git#c++#amd#rpm

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Conversation 10 Commits 1 Checks 5 Files changed

Conversation

Found when fuzzing:

==3470861==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xffff77801ef7 at pc 0xaaaaba7b3dbc bp 0xffffcff0e760 sp 0xffffcff0df50
READ of size 2 at 0xffff77801ef7 thread T0
    0 0xaaaaba7b3db8 in __asan_memcpy (/home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/bgpd/bgpd+0x363db8) (BuildId: cc710a2356e31c7f4e4a17595b54de82145a6e21)
    1 0xaaaaba81a8ac in ptr_get_be16 /home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/./lib/stream.h:399:2
    2 0xaaaaba819f2c in bgp_attr_aigp_valid /home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/bgpd/bgp_attr.c:504:3
    3 0xaaaaba808c20 in bgp_attr_aigp /home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/bgpd/bgp_attr.c:3275:7
    4 0xaaaaba7ff4e0 in bgp_attr_parse /home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/bgpd/bgp_attr.c:3678:10

Continuous Integration Result: FAILEDContinuous Integration Result: FAILED

Test incomplete. See below for issues.
CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13630/

This is a comment from an automated CI system.
For questions and feedback in regards to this CI system, please feel free to email
Martin Winter - mwinter (at) opensourcerouting.org.

Get source / Pull Request: Successful****Building Stage: Successful****Basic Tests: IncompleteTopotests Ubuntu 18.04 arm8 part 6: Failed (click for details) Topotests Ubuntu 18.04 arm8 part 6: No useful log found Topotests Ubuntu 18.04 arm8 part 8: Failed (click for details) Topotests Ubuntu 18.04 arm8 part 8: Unknown Log URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13630/artifact/TOPO8U18AMD64/TopotestDetails/ Topotests Ubuntu 18.04 arm8 part 8: No useful log found Addresssanitizer topotests part 4: Incomplete (check logs for details) Topotests Ubuntu 18.04 arm8 part 9: Failed (click for details) Topotests Ubuntu 18.04 arm8 part 9: Unknown Log URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13630/artifact/TOPO9U18ARM8/TopotestDetails/ Topotests Ubuntu 18.04 arm8 part 9: No useful log found Topotests Ubuntu 18.04 i386 part 9: Failed (click for details)

Topology Test Results are at https://ci1.netdef.org/browse/FRR-PULLREQ2-TOPO9U18I386-13630/test

Topology Tests failed for Topotests Ubuntu 18.04 i386 part 9
see full log at https://ci1.netdef.org/browse/FRR-PULLREQ2-13630/artifact/TOPO9U18I386/TopotestLogs/log_topotests.txt
Topotests Ubuntu 18.04 i386 part 9: Unknown Log
URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13630/artifact/TOPO9U18I386/TopotestDetails/

Successful on other platforms/tests

  • Topotests Ubuntu 18.04 amd64 part 0
  • Topotests Ubuntu 18.04 arm8 part 1
  • Topotests Ubuntu 18.04 amd64 part 7
  • Topotests debian 10 amd64 part 6
  • Addresssanitizer topotests part 3
  • Topotests Ubuntu 18.04 i386 part 5
  • Addresssanitizer topotests part 2
  • Topotests debian 10 amd64 part 5
  • Topotests Ubuntu 18.04 arm8 part 2
  • Addresssanitizer topotests part 9
  • Topotests Ubuntu 18.04 amd64 part 4
  • CentOS 7 rpm pkg check
  • Topotests debian 10 amd64 part 7
  • Topotests Ubuntu 18.04 amd64 part 3
  • Addresssanitizer topotests part 8
  • Topotests Ubuntu 18.04 i386 part 7
  • Topotests Ubuntu 18.04 i386 part 2
  • Ubuntu 18.04 deb pkg check
  • Topotests Ubuntu 18.04 i386 part 0
  • Addresssanitizer topotests part 6
  • Topotests Ubuntu 18.04 amd64 part 1
  • Topotests Ubuntu 18.04 amd64 part 2
  • Topotests Ubuntu 18.04 i386 part 8
  • Topotests Ubuntu 18.04 i386 part 3
  • Addresssanitizer topotests part 0
  • Debian 10 deb pkg check
  • Topotests debian 10 amd64 part 3
  • Topotests debian 10 amd64 part 8
  • Topotests Ubuntu 18.04 amd64 part 6
  • Topotests Ubuntu 18.04 arm8 part 4
  • Debian 9 deb pkg check
  • Topotests Ubuntu 18.04 arm8 part 3
  • Addresssanitizer topotests part 1
  • Topotests debian 10 amd64 part 9
  • Topotests Ubuntu 18.04 i386 part 4
  • Topotests debian 10 amd64 part 4
  • Topotests Ubuntu 18.04 amd64 part 9
  • Topotests Ubuntu 18.04 arm8 part 0
  • Topotests Ubuntu 18.04 arm8 part 7
  • Topotests debian 10 amd64 part 2
  • Topotests Ubuntu 18.04 amd64 part 8
  • Addresssanitizer topotests part 7
  • Static analyzer (clang)
  • Topotests debian 10 amd64 part 0
  • Topotests Ubuntu 18.04 amd64 part 5
  • Ubuntu 20.04 deb pkg check
  • Topotests Ubuntu 18.04 arm8 part 5
  • Addresssanitizer topotests part 5
  • Topotests debian 10 amd64 part 1
  • Topotests Ubuntu 18.04 i386 part 6
  • Topotests Ubuntu 18.04 i386 part 1

Continuous Integration Result: FAILEDContinuous Integration Result: FAILED

See below for issues.
CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13630/

This is a comment from an automated CI system.
For questions and feedback in regards to this CI system, please feel free to email
Martin Winter - mwinter (at) opensourcerouting.org.

Get source / Pull Request: Successful****Building Stage: Successful****Basic Tests: FailedTopotests Ubuntu 18.04 arm8 part 6: Failed (click for details) Topotests Ubuntu 18.04 arm8 part 6: Unknown Log URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13630/artifact/TOPO6U18ARM8/TopotestDetails/ Topotests Ubuntu 18.04 arm8 part 6: No useful log found Topotests Ubuntu 18.04 arm8 part 8: Failed (click for details) Topotests Ubuntu 18.04 arm8 part 8: Unknown Log URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13630/artifact/TOPO8U18AMD64/TopotestDetails/ Topotests Ubuntu 18.04 arm8 part 8: No useful log found Topotests Ubuntu 18.04 arm8 part 9: Failed (click for details) Topotests Ubuntu 18.04 arm8 part 9: Unknown Log URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13630/artifact/TOPO9U18ARM8/TopotestDetails/ Topotests Ubuntu 18.04 arm8 part 9: No useful log found Topotests Ubuntu 18.04 i386 part 9: Failed (click for details)

Topology Test Results are at https://ci1.netdef.org/browse/FRR-PULLREQ2-TOPO9U18I386-13630/test

Topology Tests failed for Topotests Ubuntu 18.04 i386 part 9
see full log at https://ci1.netdef.org/browse/FRR-PULLREQ2-13630/artifact/TOPO9U18I386/TopotestLogs/log_topotests.txt
Topotests Ubuntu 18.04 i386 part 9: Unknown Log
URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13630/artifact/TOPO9U18I386/TopotestDetails/

Successful on other platforms/tests

  • Topotests Ubuntu 18.04 amd64 part 0
  • Topotests Ubuntu 18.04 arm8 part 1
  • Topotests Ubuntu 18.04 amd64 part 7
  • Topotests debian 10 amd64 part 6
  • Addresssanitizer topotests part 3
  • Topotests Ubuntu 18.04 i386 part 5
  • Addresssanitizer topotests part 2
  • Topotests debian 10 amd64 part 5
  • Topotests Ubuntu 18.04 arm8 part 2
  • Addresssanitizer topotests part 9
  • Topotests Ubuntu 18.04 amd64 part 4
  • CentOS 7 rpm pkg check
  • Topotests debian 10 amd64 part 7
  • Topotests Ubuntu 18.04 amd64 part 3
  • Addresssanitizer topotests part 8
  • Topotests Ubuntu 18.04 i386 part 7
  • Topotests Ubuntu 18.04 i386 part 2
  • Ubuntu 18.04 deb pkg check
  • Topotests Ubuntu 18.04 i386 part 0
  • Addresssanitizer topotests part 6
  • Topotests Ubuntu 18.04 amd64 part 1
  • Topotests Ubuntu 18.04 amd64 part 2
  • Topotests Ubuntu 18.04 i386 part 8
  • Topotests Ubuntu 18.04 i386 part 3
  • Addresssanitizer topotests part 0
  • Debian 10 deb pkg check
  • Topotests debian 10 amd64 part 3
  • Topotests debian 10 amd64 part 8
  • Topotests Ubuntu 18.04 amd64 part 6
  • Topotests Ubuntu 18.04 arm8 part 4
  • Addresssanitizer topotests part 4
  • Debian 9 deb pkg check
  • Topotests Ubuntu 18.04 arm8 part 3
  • Addresssanitizer topotests part 1
  • Topotests debian 10 amd64 part 9
  • Topotests Ubuntu 18.04 i386 part 4
  • Topotests debian 10 amd64 part 4
  • Topotests Ubuntu 18.04 amd64 part 9
  • Topotests Ubuntu 18.04 arm8 part 0
  • Topotests Ubuntu 18.04 arm8 part 7
  • Topotests debian 10 amd64 part 2
  • Topotests Ubuntu 18.04 amd64 part 8
  • Addresssanitizer topotests part 7
  • Static analyzer (clang)
  • Topotests debian 10 amd64 part 0
  • Topotests Ubuntu 18.04 amd64 part 5
  • Ubuntu 20.04 deb pkg check
  • Topotests Ubuntu 18.04 arm8 part 5
  • Addresssanitizer topotests part 5
  • Topotests debian 10 amd64 part 1
  • Topotests Ubuntu 18.04 i386 part 6
  • Topotests Ubuntu 18.04 i386 part 1

Continuous Integration Result: FAILEDContinuous Integration Result: FAILED

Test incomplete. See below for issues.
CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13644/

This is a comment from an automated CI system.
For questions and feedback in regards to this CI system, please feel free to email
Martin Winter - mwinter (at) opensourcerouting.org.

Get source / Pull Request: Successful****Building Stage: Successful****Basic Tests: IncompleteAddresssanitizer topotests part 4: Incomplete (check logs for details) Successful on other platforms/tests

  • Topotests Ubuntu 18.04 i386 part 6
  • Addresssanitizer topotests part 2
  • Topotests Ubuntu 18.04 amd64 part 5
  • Topotests Ubuntu 18.04 amd64 part 4
  • Topotests Ubuntu 18.04 i386 part 1
  • Addresssanitizer topotests part 9
  • Topotests Ubuntu 18.04 arm8 part 7
  • Topotests debian 10 amd64 part 6
  • Topotests Ubuntu 18.04 arm8 part 6
  • Topotests Ubuntu 18.04 arm8 part 1
  • Topotests Ubuntu 18.04 arm8 part 2
  • Addresssanitizer topotests part 3
  • Topotests Ubuntu 18.04 amd64 part 7
  • Topotests Ubuntu 18.04 i386 part 2
  • Topotests debian 10 amd64 part 5
  • Topotests debian 10 amd64 part 0
  • Topotests Ubuntu 18.04 arm8 part 8
  • Addresssanitizer topotests part 7
  • Topotests Ubuntu 18.04 i386 part 0
  • Topotests debian 10 amd64 part 9
  • Topotests Ubuntu 18.04 i386 part 7
  • Addresssanitizer topotests part 6
  • CentOS 7 rpm pkg check
  • Topotests debian 10 amd64 part 7
  • Topotests Ubuntu 18.04 amd64 part 2
  • Topotests Ubuntu 18.04 amd64 part 3
  • Topotests Ubuntu 18.04 amd64 part 0
  • Topotests debian 10 amd64 part 8
  • Topotests Ubuntu 18.04 arm8 part 4
  • Topotests Ubuntu 18.04 i386 part 5
  • Ubuntu 20.04 deb pkg check
  • Ubuntu 18.04 deb pkg check
  • Topotests Ubuntu 18.04 arm8 part 9
  • Debian 10 deb pkg check
  • Debian 9 deb pkg check
  • Addresssanitizer topotests part 1
  • Topotests Ubuntu 18.04 i386 part 4
  • Topotests Ubuntu 18.04 amd64 part 1
  • Topotests Ubuntu 18.04 i386 part 3
  • Topotests Ubuntu 18.04 i386 part 8
  • Addresssanitizer topotests part 8
  • Topotests Ubuntu 18.04 amd64 part 6
  • Topotests Ubuntu 18.04 amd64 part 9
  • Topotests Ubuntu 18.04 arm8 part 5
  • Addresssanitizer topotests part 5
  • Topotests Ubuntu 18.04 arm8 part 3
  • Topotests debian 10 amd64 part 1
  • Topotests debian 10 amd64 part 4
  • Topotests debian 10 amd64 part 2
  • Topotests Ubuntu 18.04 i386 part 9
  • Topotests Ubuntu 18.04 arm8 part 0
  • Topotests Ubuntu 18.04 amd64 part 8
  • Topotests debian 10 amd64 part 3
  • Addresssanitizer topotests part 0
  • Static analyzer (clang)

Continuous Integration Result: SUCCESSFULContinuous Integration Result: SUCCESSFUL

Congratulations, this patch passed basic tests

Tested-by: NetDEF / OpenSourceRouting.org CI System

CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13644/

This is a comment from an automated CI system.
For questions and feedback in regards to this CI system, please feel free to email
Martin Winter - mwinter (at) opensourcerouting.org.

… AIGP

Found when fuzzing:

``` ==3470861==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xffff77801ef7 at pc 0xaaaaba7b3dbc bp 0xffffcff0e760 sp 0xffffcff0df50 READ of size 2 at 0xffff77801ef7 thread T0 0 0xaaaaba7b3db8 in __asan_memcpy (/home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/bgpd/bgpd+0x363db8) (BuildId: cc710a2356e31c7f4e4a17595b54de82145a6e21) 1 0xaaaaba81a8ac in ptr_get_be16 /home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/./lib/stream.h:399:2 2 0xaaaaba819f2c in bgp_attr_aigp_valid /home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/bgpd/bgp_attr.c:504:3 3 0xaaaaba808c20 in bgp_attr_aigp /home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/bgpd/bgp_attr.c:3275:7 4 0xaaaaba7ff4e0 in bgp_attr_parse /home/ubuntu/frr_8_5_2/frr_8_5_2_fuzz_clang/bgpd/bgp_attr.c:3678:10 ```

Reported-by: Iggy Frankovic [email protected] Signed-off-by: Donatas Abraitis [email protected]

Continuous Integration Result: FAILEDContinuous Integration Result: FAILED

Test incomplete. See below for issues.
CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13677/

This is a comment from an automated CI system.
For questions and feedback in regards to this CI system, please feel free to email
Martin Winter - mwinter (at) opensourcerouting.org.

Get source / Pull Request: Successful****Building Stage: Successful****Basic Tests: IncompleteAddresssanitizer topotests part 4: Incomplete (check logs for details) Topotests Ubuntu 18.04 i386 part 1: Failed (click for details)

Topology Test Results are at https://ci1.netdef.org/browse/FRR-PULLREQ2-TOPO1U18I386-13677/test

Topology Tests failed for Topotests Ubuntu 18.04 i386 part 1
see full log at https://ci1.netdef.org/browse/FRR-PULLREQ2-13677/artifact/TOPO1U18I386/TopotestLogs/log_topotests.txt
Topotests Ubuntu 18.04 i386 part 1: Unknown Log
URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13677/artifact/TOPO1U18I386/TopotestDetails/

Topotests Ubuntu 18.04 i386 part 9: Failed (click for details)

Topology Test Results are at https://ci1.netdef.org/browse/FRR-PULLREQ2-TOPO9U18I386-13677/test

Topology Tests failed for Topotests Ubuntu 18.04 i386 part 9
see full log at https://ci1.netdef.org/browse/FRR-PULLREQ2-13677/artifact/TOPO9U18I386/TopotestLogs/log_topotests.txt
Topotests Ubuntu 18.04 i386 part 9: Unknown Log
URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13677/artifact/TOPO9U18I386/TopotestDetails/

Successful on other platforms/tests

  • Topotests Ubuntu 18.04 arm8 part 3
  • Topotests debian 10 amd64 part 9
  • Addresssanitizer topotests part 5
  • Topotests debian 10 amd64 part 4
  • Topotests Ubuntu 18.04 amd64 part 3
  • Topotests Ubuntu 18.04 amd64 part 2
  • Topotests debian 10 amd64 part 8
  • Addresssanitizer topotests part 0
  • Topotests debian 10 amd64 part 3
  • Topotests Ubuntu 18.04 arm8 part 4
  • Addresssanitizer topotests part 2
  • Topotests Ubuntu 18.04 arm8 part 9
  • Ubuntu 20.04 deb pkg check
  • Topotests Ubuntu 18.04 amd64 part 5
  • Topotests Ubuntu 18.04 i386 part 6
  • Debian 10 deb pkg check
  • Topotests Ubuntu 18.04 amd64 part 4
  • Addresssanitizer topotests part 9
  • Topotests Ubuntu 18.04 amd64 part 9
  • Topotests Ubuntu 18.04 arm8 part 7
  • Topotests Ubuntu 18.04 i386 part 8
  • Topotests Ubuntu 18.04 i386 part 3
  • Addresssanitizer topotests part 3
  • Topotests Ubuntu 18.04 arm8 part 2
  • Topotests Ubuntu 18.04 amd64 part 7
  • Topotests debian 10 amd64 part 0
  • Addresssanitizer topotests part 7
  • Topotests Ubuntu 18.04 i386 part 0
  • Addresssanitizer topotests part 6
  • CentOS 7 rpm pkg check
  • Topotests debian 10 amd64 part 1
  • Topotests Ubuntu 18.04 arm8 part 5
  • Topotests debian 10 amd64 part 2
  • Topotests debian 10 amd64 part 7
  • Topotests Ubuntu 18.04 arm8 part 0
  • Topotests Ubuntu 18.04 amd64 part 8
  • Topotests Ubuntu 18.04 amd64 part 0
  • Static analyzer (clang)
  • Topotests Ubuntu 18.04 i386 part 5
  • Ubuntu 18.04 deb pkg check
  • Topotests debian 10 amd64 part 5
  • Debian 9 deb pkg check
  • Addresssanitizer topotests part 1
  • Topotests Ubuntu 18.04 i386 part 4
  • Topotests Ubuntu 18.04 amd64 part 1
  • Topotests debian 10 amd64 part 6
  • Topotests Ubuntu 18.04 arm8 part 1
  • Addresssanitizer topotests part 8
  • Topotests Ubuntu 18.04 arm8 part 6
  • Topotests Ubuntu 18.04 i386 part 7
  • Topotests Ubuntu 18.04 amd64 part 6
  • Topotests Ubuntu 18.04 i386 part 2
  • Topotests Ubuntu 18.04 arm8 part 8

Continuous Integration Result: SUCCESSFUL

Congratulations, this patch passed basic tests

Tested-by: NetDEF / OpenSourceRouting.org CI System

CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-13677/

This is a comment from an automated CI system.
For questions and feedback in regards to this CI system, please feel free to email
Martin Winter - mwinter (at) opensourcerouting.org.

ton31337 deleted the fix/aigp_validation_bytes branch

August 24, 2023 11:44

This was referenced

Aug 24, 2023

donaldsharp added a commit that referenced this pull request

Aug 24, 2023

bgpd: Make sure we have enough data to read two bytes when validating AIGP (backport #14232)

donaldsharp added a commit that referenced this pull request

Aug 24, 2023

bgpd: Make sure we have enough data to read two bytes when validating AIGP (backport #14232)

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE