Описание
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.
An issue was found in FRRouting FRR, where a crash may occur when processing a malformed BGP UPDATE message with an EOR.
Отчет
A moderate severity issue has been identified in FRRouting FRR, where a crash may occur when processing a malformed BGP UPDATE message with an EOR. It's important to note that Red Hat OpenStack Platform (RHOSP) is not directly affected, as it utilises the version from the underlying Red Hat Enterprise Linux and is marked as Not Affected, with no changes required by the OpenStack engineering team. However, system administrators of OpenStack deployments are advised to apply updates once available in RHEL to mitigate potential risks. Additionally, this flaw is discovered through fuzzing, where, in normal cases, such packets cannot exist.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 17.1 | frr | Not affected | ||
| Red Hat OpenStack Platform 18.0 | frr | Not affected | ||
| Red Hat Enterprise Linux 8 | frr | Fixed | RHSA-2024:0130 | 10.01.2024 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | frr | Fixed | RHSA-2024:1113 | 05.03.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | frr | Fixed | RHSA-2024:0574 | 30.01.2024 |
| Red Hat Enterprise Linux 9 | frr | Fixed | RHSA-2024:0477 | 25.01.2024 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | frr | Fixed | RHSA-2024:1152 | 05.03.2024 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | frr | Fixed | RHSA-2024:1093 | 05.03.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.
An issue was discovered in FRRouting FRR through 9.0.1. A crash can oc ...
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.
EPSS
7.5 High
CVSS3