Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-47234: bgpd: A couple more bgpd crash fixes for malformed packets by ton31337 · Pull Request #14716 · FRRouting/frr

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).

CVE

Expand Up @@ -3399,15 +3399,6 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr, !length) return BGP_ATTR_PARSE_WITHDRAW;
/* "An UPDATE message that contains the MP_UNREACH_NLRI is not required to carry any other path attributes.", though if MP_REACH_NLRI or NLRI are present, it should. Check for any other attribute being present instead. */ if ((!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI)) && CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI)))) return BGP_ATTR_PARSE_PROCEED;
if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGIN))) type = BGP_ATTR_ORIGIN;
Expand All @@ -3426,6 +3417,16 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr, && !CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_LOCAL_PREF))) type = BGP_ATTR_LOCAL_PREF;
/* An UPDATE message that contains the MP_UNREACH_NLRI is not required * to carry any other path attributes. Though if MP_REACH_NLRI or NLRI * are present, it should. Check for any other attribute being present * instead. */ if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI)) && CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI))) return type ? BGP_ATTR_PARSE_MISSING_MANDATORY : BGP_ATTR_PARSE_PROCEED;
/* If any of the well-known mandatory attributes are not present * in an UPDATE message, then “treat-as-withdraw” MUST be used. */ Expand Down

Related news

Red Hat Security Advisory 2024-1152-03

Red Hat Security Advisory 2024-1152-03 - An update for frr is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include an out of bounds read vulnerability.

Red Hat Security Advisory 2024-1093-03

Red Hat Security Advisory 2024-1093-03 - An update for frr is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an out of bounds read vulnerability.

Ubuntu Security Notice USN-6498-1

Ubuntu Security Notice 6498-1 - It was discovered that FRR incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907