Main Vulnerability Database SB2023100349

SB2023100349 - SUSE update for frr

Published: October 3, 2023

Security Bulletin ID SB2023100349

Severity

Medium

Patch available

YES

Number of vulnerabilities 5

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Infinite loop (CVE-ID: CVE-2023-3748)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when processing hello messages. A remote attacker can send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to consume all available system resources and cause denial of service conditions.

2) Input validation error (CVE-ID: CVE-2023-38802)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing BGP update data with a corrupted attribute 23 (Tunnel Encapsulation). A remote attacker can send specially crafted BGP update data to the application and perform a denial of service (DoS) attack.

3) Input validation error (CVE-ID: CVE-2023-41358)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in bgpd/bgp_packet.c when handling NLRIs. A remote attacker can send specially crafted input to the application and perform a denial of service (DoS) attack.

4) Out-of-bounds read (CVE-ID: CVE-2023-41360)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in bgpd/bgp_packet.c. A remote attacker can read the initial byte of the ORF header in an ahead-of-stream situation.

5) NULL pointer dereference (CVE-ID: CVE-2023-41909)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the bgp_nlri_parse_flowspec() function in bgpd/bgp_flowspec.c. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2023/suse-su-20233709-1/

Vulnerable Software

Server Applications Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise Real Time 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
libfrr0-debuginfo: before 8.4-150500.4.8.1
libfrrcares0: before 8.4-150500.4.8.1
frr-debugsource: before 8.4-150500.4.8.1
libfrrfpm_pb0-debuginfo: before 8.4-150500.4.8.1
libfrrsnmp0: before 8.4-150500.4.8.1
frr: before 8.4-150500.4.8.1
frr-debuginfo: before 8.4-150500.4.8.1
libfrrospfapiclient0-debuginfo: before 8.4-150500.4.8.1
libfrrfpm_pb0: before 8.4-150500.4.8.1
libfrrospfapiclient0: before 8.4-150500.4.8.1
libmlag_pb0-debuginfo: before 8.4-150500.4.8.1
libmlag_pb0: before 8.4-150500.4.8.1
libfrrsnmp0-debuginfo: before 8.4-150500.4.8.1
libfrrcares0-debuginfo: before 8.4-150500.4.8.1
libfrrzmq0-debuginfo: before 8.4-150500.4.8.1
libfrr_pb0-debuginfo: before 8.4-150500.4.8.1
libfrr0: before 8.4-150500.4.8.1
frr-devel: before 8.4-150500.4.8.1
libfrr_pb0: before 8.4-150500.4.8.1
libfrrzmq0: before 8.4-150500.4.8.1

SB2023100349 - SUSE update for frr

Breakdown by Severity

Description

Remediation

References

Please verify you're human