Msrc Cbl2 Frr 8.5.5-1 On Cbl Mariner 2.0 vulnerabilities

4 known vulnerabilities affecting msrc/cbl2_frr_8.5.5-1_on_cbl_mariner_2.0.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3

Vulnerabilities

CVE-2024-44070 | HIGH | CVSS 7.5 | 2024-08-13
CVE-2024-44070 [HIGH] An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulne
msrc
CVE-2024-31951 | MEDIUM | CVSS 6.5 | 2024-04-09
CVE-2024-31951 [MEDIUM] CWE-120 In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1 there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated). FAQ: Is
msrc
CVE-2024-31950 | MEDIUM | CVSS 6.5 | 2024-04-09
CVE-2024-31950 [MEDIUM] CWE-120 In FRRouting (FRR) through 9.1 there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated). FAQ: Is Azure Linux the only Microsoft product that includes this
msrc
CVE-2024-27913 | MEDIUM | CVSS 6.5 | 2024-02-13
CVE-2024-27913 [MEDIUM] ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet because of an attempted access to a missing attribute field. FAQ: Is Azure Linux the only Microsoft p
msrc