{"id":"ALSA-2023:6434","summary":"Moderate: frr security and bug fix update","details":"FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. \n\nSecurity Fix(es):\n\n* frr: Reachable assertion in peek_for_as4_capability function (CVE-2022-36440)\n* frr: denial of service by crafting a BGP OPEN message with an option of type 0xff (CVE-2022-40302)\n* frr: denial of service by crafting a BGP OPEN message with an option of type in bgp_open_option_parse in the bgp_open.c 0xff (CVE-2022-40318)\n* frr: out-of-bounds read exists in the BGP daemon of FRRouting (CVE-2022-43681)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.","modified":"2026-02-04T03:26:00.417202Z","published":"2023-11-07T00:00:00Z","related":["CVE-2022-36440","CVE-2022-40302","CVE-2022-40318","CVE-2022-43681"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:6434"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-36440"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-40302"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-40318"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-43681"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2184468"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2196088"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2196090"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2196091"},{"type":"ADVISORY","url":"https://errata.almalinux.org/9/ALSA-2023-6434.html"}],"affected":[{"package":{"name":"frr","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/frr"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.3.1-11.el9_3.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:6434.json"}},{"package":{"name":"frr-selinux","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/frr-selinux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.3.1-11.el9_3.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:6434.json"}}],"schema_version":"1.7.3"}