Msrc Azl3 Frr 8.5.3-2 On Azure Linux 3.0 vulnerabilities
5 known vulnerabilities affecting msrc/azl3_frr_8.5.3-2_on_azure_linux_3.0.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 2
Vulnerabilities
CVE-2023-47234 [HIGH] CVSS 7.5, 2023-11-14
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).
FAQ: Is Azure Linux the only Microsoft product that include
msrc
CVE-2023-47235 [HIGH] CVSS 7.5, 2023-11-14
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed because the presence of EOR does not lead to a treat-as-withdraw outcome.
FAQ: Is Azure Linux the only Microsoft product that includes this o
msrc
CVE-2023-46752 [MEDIUM] CVSS 5.9, 2023-10-10
An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data leading to a crash.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the
msrc
CVE-2023-46753 [MEDIUM] CWE-863, CVSS 5.9, 2023-10-10
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes e.g. one with only an unknown transit attribute.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is ther
msrc
CVE-2023-41361 [CRITICAL] CWE-120, CVSS 9.8, 2023-08-08
An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose
msrc