Bugzilla – Bug 1216626
VUL-0: CVE-2023-46753: frr: crafted BGP UPDATE message could lead to a crash
Last modified: 2023-11-21 04:52:23 UTC
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute. References: https://github.com/FRRouting/frr/pull/14645/commits/d8482bf011cb2b173e85b65b4bf3d5061250cdb9 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46753
Tracking as affected: - SUSE:SLE-15-SP3:Update/frr 7.4 - SUSE:SLE-15-SP5:Update/frr 8.4 - openSUSE:Factory/frr 8.4 Upstream fix: https://github.com/FRRouting/frr/pull/14645/commits/d8482bf011cb2b173e85b65b4bf3d5061250cdb9
SUSE-SU-2023:4473-1: An update that solves two vulnerabilities can now be installed. Category: security (moderate) Bug References: 1216626, 1216627 CVE References: CVE-2023-46752, CVE-2023-46753 Sources used: openSUSE Leap 15.5 (src): frr-8.4-150500.4.11.1 Server Applications Module 15-SP5 (src): frr-8.4-150500.4.11.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4483-1: An update that solves two vulnerabilities can now be installed. Category: security (moderate) Bug References: 1216626, 1216627 CVE References: CVE-2023-46752, CVE-2023-46753 Sources used: openSUSE Leap 15.4 (src): frr-7.4-150300.4.20.1 Server Applications Module 15-SP4 (src): frr-7.4-150300.4.20.1 openSUSE Leap 15.3 (src): frr-7.4-150300.4.20.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.