Bugzilla – Bug 1214735
VUL-0: CVE-2023-41358: frr,quagga: bgpd/bgp_packet.c processes NLRIs if the attribute length is zero, which can lead to crash
Last modified: 2024-04-18 12:22:10 UTC
CVE-2023-41358 An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41358 https://www.cve.org/CVERecord?id=CVE-2023-41358 https://github.com/FRRouting/frr/pull/14260
Affected: - SUSE:SLE-11-SP1:Update/quagga 0.99.15 - SUSE:SLE-12-SP2:Update/quagga 1.1.1 - SUSE:SLE-15:Update/quagga 1.1.1 - SUSE:SLE-15-SP4:Update/quagga 1.1.1 - SUSE:SLE-15-SP3:Update/frr 7.4 - SUSE:SLE-15-SP5:Update/frr 8.4
SUSE-SU-2023:3709-1: An update that solves five vulnerabilities can now be installed. Category: security (important) Bug References: 1213284, 1213434, 1214735, 1214739, 1215065 CVE References: CVE-2023-3748, CVE-2023-38802, CVE-2023-41358, CVE-2023-41360, CVE-2023-41909 Sources used: openSUSE Leap 15.5 (src): frr-8.4-150500.4.8.1 Server Applications Module 15-SP5 (src): frr-8.4-150500.4.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3762-1: An update that solves three vulnerabilities can now be installed. Category: security (important) Bug References: 1213284, 1214735, 1215065 CVE References: CVE-2023-38802, CVE-2023-41358, CVE-2023-41909 Sources used: SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): frr-7.4-150300.4.17.1 SUSE Manager Proxy 4.2 (src): frr-7.4-150300.4.17.1 SUSE Manager Retail Branch Server 4.2 (src): frr-7.4-150300.4.17.1 SUSE Manager Server 4.2 (src): frr-7.4-150300.4.17.1 SUSE Enterprise Storage 7.1 (src): frr-7.4-150300.4.17.1 openSUSE Leap 15.4 (src): frr-7.4-150300.4.17.1 Server Applications Module 15-SP4 (src): frr-7.4-150300.4.17.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): frr-7.4-150300.4.17.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): frr-7.4-150300.4.17.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): frr-7.4-150300.4.17.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3793-1: An update that solves two vulnerabilities can now be installed. Category: security (important) Bug References: 1213284, 1214735 CVE References: CVE-2023-38802, CVE-2023-41358 Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): quagga-1.1.1-17.10.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): quagga-1.1.1-17.10.1 SUSE Linux Enterprise Server 12 SP5 (src): quagga-1.1.1-17.10.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): quagga-1.1.1-17.10.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3839-1: An update that solves two vulnerabilities can now be installed. Category: security (important) Bug References: 1213284, 1214735 CVE References: CVE-2023-38802, CVE-2023-41358 Sources used: openSUSE Leap 15.4 (src): quagga-1.1.1-150400.12.5.1 openSUSE Leap 15.5 (src): quagga-1.1.1-150400.12.5.1 Server Applications Module 15-SP4 (src): quagga-1.1.1-150400.12.5.1 Server Applications Module 15-SP5 (src): quagga-1.1.1-150400.12.5.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3836-1: An update that solves two vulnerabilities can now be installed. Category: security (important) Bug References: 1213284, 1214735 CVE References: CVE-2023-38802, CVE-2023-41358 Sources used: SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): quagga-1.1.1-150000.4.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): quagga-1.1.1-150000.4.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): quagga-1.1.1-150000.4.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): quagga-1.1.1-150000.4.3.1 SUSE Manager Proxy 4.2 (src): quagga-1.1.1-150000.4.3.1 SUSE Manager Retail Branch Server 4.2 (src): quagga-1.1.1-150000.4.3.1 SUSE Manager Server 4.2 (src): quagga-1.1.1-150000.4.3.1 SUSE Enterprise Storage 7.1 (src): quagga-1.1.1-150000.4.3.1 SUSE CaaS Platform 4.0 (src): quagga-1.1.1-150000.4.3.1 SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): quagga-1.1.1-150000.4.3.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): quagga-1.1.1-150000.4.3.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): quagga-1.1.1-150000.4.3.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): quagga-1.1.1-150000.4.3.1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): quagga-1.1.1-150000.4.3.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): quagga-1.1.1-150000.4.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
closed