Debian Frr vulnerabilities

CVE-2022-37035 [HIGH] CVE-2022-37035: frr - An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_... An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation. Scope: local bookworm: resolved (fi

CVE-2022-43681 [MEDIUM] CVE-2022-43681: frr - An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. Whe... An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Den

CVE-2022-40318 [MEDIUM] CVE-2022-40318: frr - An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BG... An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2)

CVE-2022-40302 [MEDIUM] CVE-2022-40302: frr - An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BG... An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2)

CVE-2020-12831 [MEDIUM] CVE-2020-12831: frr - An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1.... An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permi

CVE-2019-5892 [MEDIUM] CVE-2019-5892: frr - bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x bef... bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco i

CVE-2017-15865 [HIGH] CVE-2017-15865: frr - bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Li... bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492). Scope: l

CVE-2017-3224 [HIGH] CVE-2017-3224: frr - Open Shortest Path First (OSPF) protocol implementations may improperly determin... Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the