Headline
Debian Security Advisory 5362-1
Debian Linux Security Advisory 5362-1 - An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5362-1 [email protected]://www.debian.org/security/ Aron XuFebruary 24, 2023 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : frrCVE ID : CVE-2022-37032Debian Bug : 1021016An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead toa segmentation fault and denial of service. This occurs inbgp_capability_msg_parse in bgpd/bgp_packet.c.For the stable distribution (bullseye), this problem has been fixed inversion 7.5.1-1.1+deb11u1.We recommend that you upgrade your frr packages.For the detailed security status of frr please refer toits security tracker page at:https://security-tracker.debian.org/tracker/frrFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmP4sT8ACgkQO1LKKgqv2VQO+Af/WZTA1UtOJxH7d0Dd1DFeyvYSt7LXAt0uZxLhhwfWFM9iuxuAJgw+e1bg6XF2fohXFSIgmGBJ8nN8/h5K+7RMYK4kmwXw4XHfOVKKCt+BD7vfKxz9RmNFeiFIVHUxEdidSI72medZHzC2kgySmRKbtOmLd3WVnVzKn0ShW3AcAILmSdNQgeWcgFl1A3DkBhTE19dg2GxyFCDy9f7NRbT/MRkJwwTfLiaSQdzoeUS8veHvA/W+s/FIoututGDvhgVSptF1pI4W/IdYvLlaqROKyoatgc/SKQS4tFaTJjGVp2dVx/CD76KF2H0C101NXVDeMww6YBLyKoc/HB+QkQGcyA===Eim+-----END PGP SIGNATURE-----Related news
Ubuntu Security Notice 6482-1 - It was discovered that Quagga incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service.
An update for frr is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-37032: A vulnerability was found in FRRouting. This issue occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. An out-of-bounds read in the BGP daemon may lead to a segmentation fault and a denial of service.
An update for frr is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-37032: A vulnerability was found in FRRouting. This issue occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. An out-of-bounds read in the BGP daemon may lead to a segmentation fault and a denial of service.
Ubuntu Security Notice 5685-1 - It was discovered that FRR incorrectly handled parsing certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. It was discovered that FRR incorrectly handled processing certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service, obtain sensitive information, or execute arbitrary code.
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.