CLSA-2025-1762363302

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1762363302.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2025-1762363302
Upstream
Published
2025-11-05T17:21:48Z
Modified
2026-06-01T00:31:15.014962608Z
Summary
frr: Fix of 4 CVEs
Details
  • CVE-2022-36440: fix heap-buffer-overflow in peekforas4_capability when reading BGP OPEN extended optional parameters
  • CVE-2023-31490: fix insufficient stream data validation in BGP prefix SID attributes processing
  • CVE-2023-38407: fix out-of-bounds read in BGP labeled unicast parsing
  • CVE-2023-41909: fix implicit withdrawal handling for BGP flowspec without attributes
References

Affected packages

TuxCare:AlmaLinux:9.2 / frr

Package

Name
frr
Purl
pkg:rpm/tuxcare/frr?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
8.3.1-5.el9.2.alma.tuxcare.els2

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1762363302.json"

TuxCare:AlmaLinux:9.2 / frr-selinux

Package

Name
frr-selinux
Purl
pkg:rpm/tuxcare/frr-selinux?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
8.3.1-5.el9.2.alma.tuxcare.els2

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1762363302.json"