In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospfteparse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).
{ "availability": "No subscription required", "binaries": [ { "binary_version": "8.1-1ubuntu1.10", "binary_name": "frr" }, { "binary_version": "8.1-1ubuntu1.10", "binary_name": "frr-pythontools" }, { "binary_version": "8.1-1ubuntu1.10", "binary_name": "frr-rpki-rtrlib" }, { "binary_version": "8.1-1ubuntu1.10", "binary_name": "frr-snmp" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "8.4.4-1.1ubuntu6.1", "binary_name": "frr" }, { "binary_version": "8.4.4-1.1ubuntu6.1", "binary_name": "frr-pythontools" }, { "binary_version": "8.4.4-1.1ubuntu6.1", "binary_name": "frr-rpki-rtrlib" }, { "binary_version": "8.4.4-1.1ubuntu6.1", "binary_name": "frr-snmp" } ] }