Bugzilla – Bug 1216627
VUL-0: CVE-2023-46752: frr: mishandled malformed MP_REACH_NLRI data could lead to a crash
Last modified: 2023-11-21 04:51:52 UTC
An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash. References: https://github.com/FRRouting/frr/pull/14645/commits/b08afc81c60607a4f736f418f2e3eb06087f1a35 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46752
Tracking as affected: - SUSE:SLE-15-SP3:Update/frr 7.4 - SUSE:SLE-15-SP5:Update/frr 8.4 - openSUSE:Factory/frr 8.4 Upstream fix: https://github.com/FRRouting/frr/pull/14645/commits/b08afc81c60607a4f736f418f2e3eb06087f1a35
SUSE-SU-2023:4473-1: An update that solves two vulnerabilities can now be installed. Category: security (moderate) Bug References: 1216626, 1216627 CVE References: CVE-2023-46752, CVE-2023-46753 Sources used: openSUSE Leap 15.5 (src): frr-8.4-150500.4.11.1 Server Applications Module 15-SP5 (src): frr-8.4-150500.4.11.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4483-1: An update that solves two vulnerabilities can now be installed. Category: security (moderate) Bug References: 1216626, 1216627 CVE References: CVE-2023-46752, CVE-2023-46753 Sources used: openSUSE Leap 15.4 (src): frr-7.4-150300.4.20.1 Server Applications Module 15-SP4 (src): frr-7.4-150300.4.20.1 openSUSE Leap 15.3 (src): frr-7.4-150300.4.20.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.