SUSE-SU-2023:4663-1
- Source
- https://www.suse.com/support/update/announcement/2023/suse-su-20234663-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4663-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2023:4663-1
- Upstream
- Related
- Published
- 2023-12-06T12:27:39Z
- Modified
- 2025-05-08T17:31:58.292873Z
- Summary
- Security update for frr
- Details
-
This update for frr fixes the following issues:
- CVE-2023-47235: Fixed denial of service caused by malformed BGP UPDATE message with an EOR is processed (bsc#1216896).
- CVE-2023-47234: Fixed denial of service caused by crafted BGP UPDATE message with a MPUNREACHNLRI attribute (bsc#1216897).
- CVE-2023-38407: Fixed read beyond the end of the stream during labeled unicast parsing (bsc#1216899).
- CVE-2023-38406: Fixed mishandling of nlri length of zero, aka a 'flowspec overflow (bsc#1216900).
- References
-
- https://www.suse.com/support/update/announcement/2023/suse-su-20234663-1/
- https://bugzilla.suse.com/1216896
- https://bugzilla.suse.com/1216897
- https://bugzilla.suse.com/1216899
- https://bugzilla.suse.com/1216900
- https://www.suse.com/security/cve/CVE-2023-38406
- https://www.suse.com/security/cve/CVE-2023-38407
- https://www.suse.com/security/cve/CVE-2023-47234
- https://www.suse.com/security/cve/CVE-2023-47235
Affected packages
SUSE:Linux Enterprise Module for Server Applications 15 SP5 / frr
Package
- Name
- frr
- Purl
- pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.4-150500.4.15.1
Ecosystem specific
{
"binaries": [
{
"frr-devel": "8.4-150500.4.15.1",
"libmlag_pb0": "8.4-150500.4.15.1",
"libfrr0": "8.4-150500.4.15.1",
"frr": "8.4-150500.4.15.1",
"libfrr_pb0": "8.4-150500.4.15.1",
"libfrrzmq0": "8.4-150500.4.15.1",
"libfrrospfapiclient0": "8.4-150500.4.15.1",
"libfrrfpm_pb0": "8.4-150500.4.15.1",
"libfrrsnmp0": "8.4-150500.4.15.1",
"libfrrcares0": "8.4-150500.4.15.1"
}
]
}
openSUSE:Leap 15.5 / frr
Package
- Name
- frr
- Purl
- pkg:rpm/opensuse/frr&distro=openSUSE%20Leap%2015.5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.4-150500.4.15.1
Ecosystem specific
{
"binaries": [
{
"frr-devel": "8.4-150500.4.15.1",
"libmlag_pb0": "8.4-150500.4.15.1",
"libfrr0": "8.4-150500.4.15.1",
"frr": "8.4-150500.4.15.1",
"libfrr_pb0": "8.4-150500.4.15.1",
"libfrrzmq0": "8.4-150500.4.15.1",
"libfrrospfapiclient0": "8.4-150500.4.15.1",
"libfrrfpm_pb0": "8.4-150500.4.15.1",
"libfrrsnmp0": "8.4-150500.4.15.1",
"libfrrcares0": "8.4-150500.4.15.1"
}
]
}