CVE-2023-41909

NameCVE-2023-41909
DescriptionAn issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3573-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
frr (PTS)buster6.0.2-2+deb10u1vulnerable
buster (security)7.5.1-1.1+deb10u1fixed
bullseye (security), bullseye7.5.1-1.1+deb11u2vulnerable
bookworm, bookworm (security)8.4.4-1.1~deb12u1fixed
sid8.4.4-1.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
frrsourcebuster7.5.1-1.1+deb10u1DLA-3573-1
frrsource(unstable)8.4.4-1

Notes

https://github.com/FRRouting/frr/commit/cfd04dcb3e689754a72507d086ba3b9709fc5ed8 (frr-9.0)
https://github.com/FRRouting/frr/commit/cc1a551cb007cc8ed8b1ea0605a7ab46c16de12b (frr-8.5.1)
https://github.com/FRRouting/frr/commit/0a12b878082f77b67ad5d9b4782846ac738575a2 (frr-8.4.4)

Search for package or bug name: Reporting problems