ELA-1166-1 frr security update

missing length check

2024-08-27
Package: frr
Version: 7.5.1-1.1+deb10u3 (buster)
Related CVEs: CVE-2024-44070


An issue has been found in frr, a routing suite of internet protocols (BGP, OSPF, IS-IS, …). Because the length of the remaining stream was not checked before a TLV value was used, it was possible to read beyond the end of the buffer.
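The bug class described above, as an added example (not FRR's code and not the patch): a TLV reader that compares the declared length with the bytes remaining before it touches the value. The cursor struct, the function names and the 1-byte type / 2-byte length layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical minimal read cursor over a received packet (not FRR's stream type). */
struct rd {
    const uint8_t *data;
    size_t size;   /* total bytes in the buffer */
    size_t pos;    /* next byte to read; invariant: pos <= size */
};

static size_t rd_remaining(const struct rd *r) { return r->size - r->pos; }

/*
 * Read one TLV: 1-byte type, 2-byte big-endian length, then `length` value bytes.
 * Returns 0 on success, -1 if the header or the declared value does not fit
 * in what is left of the buffer.
 */
int tlv_next(struct rd *r, uint8_t *type, uint16_t *len, const uint8_t **val)
{
    if (rd_remaining(r) < 3)
        return -1;                      /* truncated header */
    *type = r->data[r->pos];
    *len = (uint16_t)((r->data[r->pos + 1] << 8) | r->data[r->pos + 2]);
    r->pos += 3;

    /* The check whose absence allows the out-of-bounds read: the length comes
     * from the packet, so compare it with the bytes left before using the value. */
    if (*len > rd_remaining(r))
        return -1;
    *val = r->data + r->pos;
    r->pos += *len;
    return 0;
}

/* Walk all TLVs; return how many were parsed, or -1 on a malformed packet. */
int tlv_count(const uint8_t *buf, size_t size)
{
    struct rd r = { buf, size, 0 };
    uint8_t type; uint16_t len; const uint8_t *val;
    int n = 0;

    while (rd_remaining(&r) > 0) {
        if (tlv_next(&r, &type, &len, &val) != 0)
            return -1;
        n++;
    }
    return n;
}
```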



For Debian 10 buster, these problems have been fixed in version 7.5.1-1.1+deb10u3.

We recommend that you upgrade your frr packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.