Bug 2235842 (CVE-2023-41360)

Summary: CVE-2023-41360 frr: ahead-of-stream read of ORF header
Product: [Other] Security Response
Reporter: Anten Skrabec <askrabec>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: ASSIGNED
Severity: low
Priority: low
Version: unspecified
CC: fhrdina, mruprich
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: frr-9.1-rc, frr-8.5-rc
Doc Text:
An out-of-bounds read flaw was found in FRRouting in bgpd/bgp_packet.c, resulting from a boundary condition. This flaw allows a remote attacker, through specially crafted input, to read the initial byte of the ORF header in an ahead-of-stream scenario. This attacker can gain information and potentially launch further attacks against the affected system.
Bug Depends On: 2236319, 2236320, 2236470, 2236474, 2236475    
Bug Blocks: 2230985    

Description Anten Skrabec 2023-08-29 20:52:34 UTC
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.

https://github.com/FRRouting/frr/pull/14245

Comment 3 msiddiqu 2023-08-31 10:50:32 UTC
Created frr tracking bugs for this issue:

Affects: fedora-all [bug 2236470]

Comment 5 Michal Ruprich 2023-10-30 09:52:44 UTC
Fixed in F37, F38 and F40:

F37: https://koji.fedoraproject.org/koji/buildinfo?buildID=2304627
F38: https://koji.fedoraproject.org/koji/buildinfo?buildID=2304626
F40: https://koji.fedoraproject.org/koji/buildinfo?buildID=2307311

F39 is stuck on a build error from gcc, but the update that fixes the issue is currently stuck in final freeze for updates. Keeping this bug open for a little bit to wait for the gcc update to go out.

Comment 7 errata-xmlrpc 2024-04-30 09:42:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2156 https://access.redhat.com/errata/RHSA-2024:2156