An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference. Reference and upstream patch: https://github.com/FRRouting/frr/pull/13222/commits/cfd04dcb3e689754a72507d086ba3b9709fc5ed8
Created frr tracking bugs for this issue: Affects: fedora-all [bug 2238409]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2156 https://access.redhat.com/errata/RHSA-2024:2156
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:2981 https://access.redhat.com/errata/RHSA-2024:2981