Headline

CVE-2023-38406: bgpd: Flowspec overflow issue by donaldsharp · Pull Request #12884 · FRRouting/frr

bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a “flowspec overflow.”

12 months ago

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Conversation 3 Commits 1 Checks 6 Files changed

Conversation

According to the flowspec RFC 8955 a flowspec nlri is <length, > Specifying 0 as a length makes BGP get all warm on the inside. Which in this case is not a good thing at all. Prevent warmth, stay cold on the inside.

Reported-by: Iggy Frankovic [email protected]

According to the flowspec RFC 8955 a flowspec nlri is <length, <nlri data>> Specifying 0 as a length makes BGP get all warm on the inside. Which in this case is not a good thing at all. Prevent warmth, stay cold on the inside.

Reported-by: Iggy Frankovic [email protected] Signed-off-by: Donald Sharp [email protected]

@Mergifyio backport dev/8.5 stable/8.4 stable/8.3 stable/8.2 stable/8.1

Continuous Integration Result: SUCCESSFUL

Congratulations, this patch passed basic tests

Tested-by: NetDEF / OpenSourceRouting.org CI System

CI System Testrun URL: https://ci1.netdef.org/browse/FRR-PULLREQ2-9871/

This is a comment from an automated CI system.
For questions and feedback in regards to this CI system, please feel free to email
Martin Winter - mwinter (at) opensourcerouting.org.

This was referenced

Feb 24, 2023

ton31337 added a commit that referenced this pull request

Feb 24, 2023