{
  "document": {
    "aggregate_severity": {
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "- CVE-2022-43681: fix bgpd crash on malformed BGP OPEN messages with insufficient data\n- CVE-2022-40318: fix out-of-bounds read in bgp_open_option_parse with extended option params\n- CVE-2023-31489: fix out-of-bounds read in BGP Long-lived Graceful-Restart capability parsing\n- CVE-2023-46752: fix bgpd crash on malformed MP_REACH_NLRI packets",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1778238289",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1778238289"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2026/clsa-2026_1778238289.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-05-08T11:18:17Z",
      "generator": {
        "date": "2026-05-08T11:18:17Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2026:1778238289",
      "initial_release_date": "2026-05-08T11:18:17Z",
      "revision_history": [
        {
          "date": "2026-05-08T11:18:17Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "frr: Fix of 4 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "AlmaLinux 9.2",
                "product": {
                  "name": "AlmaLinux 9.2",
                  "product_id": "AlmaLinux-9.2",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "AlmaLinux"
          }
        ],
        "category": "vendor",
        "name": "AlmaLinux OS Foundation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "frr-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.x86_64",
                "product": {
                  "name": "frr-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.x86_64",
                  "product_id": "frr-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/frr@8.3.1-5.el9_2.2.alma.tuxcare.els4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "frr-0:8.3.1-5.el9.2.alma.tuxcare.els3.x86_64",
                "product": {
                  "name": "frr-0:8.3.1-5.el9.2.alma.tuxcare.els3.x86_64",
                  "product_id": "frr-0:8.3.1-5.el9.2.alma.tuxcare.els3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/frr@8.3.1-5.el9.2.alma.tuxcare.els3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "frr-0:8.3.1-5.el9.2.alma.tuxcare.els2.x86_64",
                "product": {
                  "name": "frr-0:8.3.1-5.el9.2.alma.tuxcare.els2.x86_64",
                  "product_id": "frr-0:8.3.1-5.el9.2.alma.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/frr@8.3.1-5.el9.2.alma.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "frr-0:8.3.1-5.el9.2.alma.tuxcare.els1.x86_64",
                "product": {
                  "name": "frr-0:8.3.1-5.el9.2.alma.tuxcare.els1.x86_64",
                  "product_id": "frr-0:8.3.1-5.el9.2.alma.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/frr@8.3.1-5.el9.2.alma.tuxcare.els1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "frr-selinux-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.noarch",
                "product": {
                  "name": "frr-selinux-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.noarch",
                  "product_id": "frr-selinux-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/frr-selinux@8.3.1-5.el9_2.2.alma.tuxcare.els4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els3.noarch",
                "product": {
                  "name": "frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els3.noarch",
                  "product_id": "frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els3.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/frr-selinux@8.3.1-5.el9.2.alma.tuxcare.els3?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els2.noarch",
                "product": {
                  "name": "frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els2.noarch",
                  "product_id": "frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els2.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/frr-selinux@8.3.1-5.el9.2.alma.tuxcare.els2?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els1.noarch",
                "product": {
                  "name": "frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els1.noarch",
                  "product_id": "frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/frr-selinux@8.3.1-5.el9.2.alma.tuxcare.els1?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "frr-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:frr-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.x86_64"
        },
        "product_reference": "frr-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "frr-selinux-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.noarch as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.noarch"
        },
        "product_reference": "frr-selinux-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.noarch",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els3.noarch as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els3.noarch"
        },
        "product_reference": "frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els3.noarch",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "frr-0:8.3.1-5.el9.2.alma.tuxcare.els3.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els3.x86_64"
        },
        "product_reference": "frr-0:8.3.1-5.el9.2.alma.tuxcare.els3.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els2.noarch as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els2.noarch"
        },
        "product_reference": "frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els2.noarch",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "frr-0:8.3.1-5.el9.2.alma.tuxcare.els2.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els2.x86_64"
        },
        "product_reference": "frr-0:8.3.1-5.el9.2.alma.tuxcare.els2.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "frr-0:8.3.1-5.el9.2.alma.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els1.x86_64"
        },
        "product_reference": "frr-0:8.3.1-5.el9.2.alma.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els1.noarch as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els1.noarch"
        },
        "product_reference": "frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els1.noarch",
        "relates_to_product_reference": "AlmaLinux-9.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-40318",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:frr-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.x86_64",
          "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.noarch"
        ],
        "known_affected": [
          "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els2.x86_64",
          "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els3.x86_64",
          "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els1.noarch",
          "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els2.noarch",
          "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els3.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-40318"
        },
        {
          "category": "external",
          "summary": "https://github.com/FRRouting/frr/releases",
          "url": "https://github.com/FRRouting/frr/releases"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html",
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2023/dsa-5495",
          "url": "https://www.debian.org/security/2023/dsa-5495"
        }
      ],
      "release_date": "2023-05-03T12:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-08T11:06:08.012046Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1778238289",
          "product_ids": [
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.x86_64",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.noarch"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1778238289"
        },
        {
          "category": "none_available",
          "date": "2023-05-03T12:16:00Z",
          "details": "Affected",
          "product_ids": [
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els2.x86_64",
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els3.x86_64",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els1.noarch",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els2.noarch",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els3.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.x86_64",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2023-46752",
      "notes": [
        {
          "category": "description",
          "text": "An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:frr-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.x86_64",
          "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.noarch"
        ],
        "known_affected": [
          "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els2.x86_64",
          "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els3.x86_64",
          "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els1.noarch",
          "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els2.noarch",
          "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els3.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-46752"
        },
        {
          "category": "external",
          "summary": "https://github.com/FRRouting/frr/pull/14645/commits/b08afc81c60607a4f736f418f2e3eb06087f1a35",
          "url": "https://github.com/FRRouting/frr/pull/14645/commits/b08afc81c60607a4f736f418f2e3eb06087f1a35"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html",
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html",
          "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html"
        }
      ],
      "release_date": "2023-10-26T05:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-08T11:06:08.012046Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1778238289",
          "product_ids": [
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.x86_64",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.noarch"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1778238289"
        },
        {
          "category": "none_available",
          "date": "2023-10-26T05:15:00Z",
          "details": "Affected",
          "product_ids": [
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els2.x86_64",
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els3.x86_64",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els1.noarch",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els2.noarch",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els3.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.x86_64",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2023-31489",
      "notes": [
        {
          "category": "description",
          "text": "An issue found in FRRouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:frr-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.x86_64",
          "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.noarch"
        ],
        "known_affected": [
          "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els2.x86_64",
          "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els3.x86_64",
          "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els1.noarch",
          "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els2.noarch",
          "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els3.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-31489"
        },
        {
          "category": "external",
          "summary": "https://github.com/FRRouting/frr/issues/13098",
          "url": "https://github.com/FRRouting/frr/issues/13098"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4/"
        }
      ],
      "release_date": "2023-05-09T16:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-08T11:06:08.012046Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1778238289",
          "product_ids": [
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.x86_64",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.noarch"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1778238289"
        },
        {
          "category": "none_available",
          "date": "2023-05-09T16:15:00Z",
          "details": "Affected",
          "product_ids": [
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els2.x86_64",
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els3.x86_64",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els1.noarch",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els2.noarch",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els3.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.x86_64",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2022-43681",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:frr-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.x86_64",
          "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.noarch"
        ],
        "known_affected": [
          "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els2.x86_64",
          "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els3.x86_64",
          "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els1.noarch",
          "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els2.noarch",
          "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els3.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-43681"
        },
        {
          "category": "external",
          "summary": "https://forescout.com",
          "url": "https://forescout.com/"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html",
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2023/dsa-5495",
          "url": "https://www.debian.org/security/2023/dsa-5495"
        }
      ],
      "release_date": "2023-05-03T12:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-08T11:06:08.012046Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1778238289",
          "product_ids": [
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.x86_64",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.noarch"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1778238289"
        },
        {
          "category": "none_available",
          "date": "2023-05-03T12:16:00Z",
          "details": "Affected",
          "product_ids": [
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els2.x86_64",
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9.2.alma.tuxcare.els3.x86_64",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els1.noarch",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els2.noarch",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9.2.alma.tuxcare.els3.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:frr-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.x86_64",
            "AlmaLinux-9.2:frr-selinux-0:8.3.1-5.el9_2.2.alma.tuxcare.els4.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    }
  ]
}