SA-2023-050 - FRRouting BGP out-of-bounds read (CV... - Extreme Networks - 95751

Summary

An out-of-bounds read exists in the BGP daemon of FRRouting FRR. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a denial-of-service condition.

Products Potentially Affected

OS/Product	Exposure
Switch Engine (EXOS)	No

Repair Recommendations

None

Please see the full security advisory article here for more details and updates.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Popular Articles

SA-2023-047 - Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues (Leaking fr

SA-2023-107 - libcurl cookie injection with none file (CVE-2023-38546)

SA-2023-106 - SOCKS5 heap buffer overflow (CVE-2023-38545)

GTM-P2G8KFN