frr: Fix CVE-2023-38802 and CVE-2023-41358 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Narpat Mali <narpat.mali@windriver.com>	2023-09-05 13:12:21 +0000
committer	Armin Kuster <akuster808@gmail.com>	2023-09-06 09:12:30 -0400
commit	0901bb4c6a315a48a0fcb49a51e0ff6547e37087 (patch)
tree	23e9bcfab4863c7739ba28f0b005ff9cb5686a9f /meta-python/recipes-devtools/python/python3-aiosignal_1.2.0.bb
parent	bef3ed137ba5cea67b8ed862b1af599d1c8e3867 (diff)
download	meta-openembedded-0901bb4c6a315a48a0fcb49a51e0ff6547e37087.tar.gz

frr: Fix CVE-2023-38802 and CVE-2023-41358

CVE-2023-38802: FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). CVE-2023-41358: An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. References: https://nvd.nist.gov/vuln/detail/CVE-2023-38802 https://nvd.nist.gov/vuln/detail/CVE-2023-41358 Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-aiosignal_1.2.0.bb')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: