Msrc Cbl2 Frr 8.5.3-6 On Cbl Mariner 2.0 vulnerabilities

4 known vulnerabilities affecting msrc/cbl2_frr_8.5.3-6_on_cbl_mariner_2.0.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3

Vulnerabilities

CVE-2024-34088 | HIGH | CVSS 7.5 | 2024-04-09
CVE-2024-34088 [HIGH] CWE-476 In FRRouting (FRR) through 9.1 it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value the OSPF daemon crashes leading to denial of service. FAQ: Is Azu
msrc
CVE-2024-31951 | MEDIUM | CVSS 6.5 | 2024-04-09
CVE-2024-31951 [MEDIUM] CWE-120 In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1 there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated). FAQ: Is
msrc
CVE-2024-31950 | MEDIUM | CVSS 6.5 | 2024-04-09
CVE-2024-31950 [MEDIUM] CWE-120 In FRRouting (FRR) through 9.1 there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated). FAQ: Is Azure Linux the only Microsoft product that includes this
msrc
CVE-2024-27913 | MEDIUM | CVSS 6.5 | 2024-02-13
CVE-2024-27913 [MEDIUM] ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet because of an attempted access to a missing attribute field. FAQ: Is Azure Linux the only Microsoft p
msrc