Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 19 |
CVE-ID | CVE-2023-31489, CVE-2023-31490, CVE-2023-3748, CVE-2023-38406, CVE-2023-38407, CVE-2023-38802, CVE-2023-41358, CVE-2023-41360, CVE-2023-41909, CVE-2023-46752, CVE-2023-46753, CVE-2023-47234, CVE-2023-47235, CVE-2024-27913, CVE-2024-31948, CVE-2024-31950, CVE-2024-31951, CVE-2024-34088, CVE-2024-44070 |
CWE-ID | CWE-20, CWE-835, CWE-125, CWE-476, CWE-119 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Operating systems & Components / Operating system: Server Applications Module, SUSE Linux Enterprise Real Time 15, openSUSE Leap, SUSE Linux Enterprise Server for SAP Applications 15, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise High Performance Computing 15
Operating systems & Components / Operating system package or component: libfrr_pb0-debuginfo, libmlag_pb0, frr-debuginfo, frr-debugsource, libfrrcares0-debuginfo, libmlag_pb0-debuginfo, frr, libfrr_pb0, libfrr0-debuginfo, libfrrfpm_pb0-debuginfo, libfrrospfapiclient0-debuginfo, frr-devel, libfrr0, libfrrsnmp0-debuginfo, libfrrcares0, libfrrfpm_pb0, libfrrzmq0, libfrrsnmp0, libfrrospfapiclient0, libfrrzmq0-debuginfo |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 19 vulnerabilities.
EUVDB-ID: #VU76910
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-31489
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the bgp_capability_llgr() function in bgpd. A remote attacker can pass specially crafted input to the server and perform a denial of service (DoS) attack.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76911
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-31490
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the bgp_attr_psid_sub() function in bgpd. A remote attacker can pass specially crafted input to the server and perform a denial of service (DoS) attack.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78619
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3748
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop when processing hello messages. A remote attacker can send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to consume all available system resources and cause denial of service conditions.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU82897
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38406
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in bgpd/bgp_flowspec.c. A remote attacker can send specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU82898
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38407
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition during labeled unicast parsing in bgpd/bgp_label.c. A remote attacker can send specially crafted input to the application, trigger an out-of-bounds read error and crash the daemon.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80766
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38802
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when processing BGP update data with a corrupted attribute 23 (Tunnel Encapsulation). A remote attacker can send specially crafted BGP update data to the application and perform a denial of service (DoS) attack.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81444
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-41358
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in bgpd/bgp_packet.c when handling NLRIs. A remote attacker can send specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81446
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-41360
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in bgpd/bgp_packet.c. A remote attacker can read the initial byte of the ORF header in an ahead-of-stream situation.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81445
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-41909
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the bgp_nlri_parse_flowspec() function in bgpd/bgp_flowspec.c. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU82901
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46752
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when processing MP_REACH_NLRI data. A remote attacker can send specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU82902
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46753
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when processing a BGP UPDATE message without mandatory attributes. A remote attacker can send specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU82899
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-47234
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when processing a crafted BGP UPDATE message with an MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes). A remote attacker can send specially crafted messages to the daemon and perform a denial of service (DoS) attack.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU82900
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-47235
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when a malformed BGP UPDATE message with an EOR is processed. A remote attacker can send specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101031
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27913
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of OSPF LSA packets within the ospf_te_parse_te() function in ospfd/ospf_te.c. A remote attacker can send specially crafted packets to the server and crash the ospfd daemon.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90721
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-31948
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when parsing the Prefix SID attribute in a BGP UPDATE packet. A remote attacker can send specially crafted packets to the application, trigger memory corruption and crash the bgpd daemon.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90720
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-31950
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in ospf_te_parse_ri when parsing OSPF LSA packets. A remote attacker can send specially crafted packets to the system, trigger memory corruption and perform a denial of service (DoS) attack.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90723
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-31951
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in ospf_te_parse_ext_link when parsing OSPF LSA packets. A remote attacker can send specially crafted packets to the daemon, trigger memory corruption and perform a denial of service (DoS) attack.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90722
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-34088
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the get_edge() function in ospf_te.c. A remote attacker can send specially crafted packets to the daemon and perform a denial of service (DoS) attack.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97120
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44070
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the bgp_attr_encap() function in bgpd/bgp_attr.c. A remote attacker can send specially crafted BGP traffic to the daemon and perform a denial of service (DoS) attack.
Mitigation
Update the affected package frr to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise High Performance Computing 15: SP5
libfrr_pb0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0: before 8.5.6-150500.4.30.1
frr-debuginfo: before 8.5.6-150500.4.30.1
frr-debugsource: before 8.5.6-150500.4.30.1
libfrrcares0-debuginfo: before 8.5.6-150500.4.30.1
libmlag_pb0-debuginfo: before 8.5.6-150500.4.30.1
frr: before 8.5.6-150500.4.30.1
libfrr_pb0: before 8.5.6-150500.4.30.1
libfrr0-debuginfo: before 8.5.6-150500.4.30.1
libfrrfpm_pb0-debuginfo: before 8.5.6-150500.4.30.1
libfrrospfapiclient0-debuginfo: before 8.5.6-150500.4.30.1
frr-devel: before 8.5.6-150500.4.30.1
libfrr0: before 8.5.6-150500.4.30.1
libfrrsnmp0-debuginfo: before 8.5.6-150500.4.30.1
libfrrcares0: before 8.5.6-150500.4.30.1
libfrrfpm_pb0: before 8.5.6-150500.4.30.1
libfrrzmq0: before 8.5.6-150500.4.30.1
libfrrsnmp0: before 8.5.6-150500.4.30.1
libfrrospfapiclient0: before 8.5.6-150500.4.30.1
libfrrzmq0-debuginfo: before 8.5.6-150500.4.30.1
http://www.suse.com/support/update/announcement/2024/suse-su-20244090-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.