FRRouting/frr frr-8.4.5

FRR Release 8.4.5

on GitHub

Fixed CVEs

• CVE-2024-31950
• CVE-2024-31951
• CVE-2023-38802
• CVE-2023-46752
• CVE-2023-46753
• CVE-2023-47235
• CVE-2024-31948

Bug Fixes

babeld
    Fix [#11808](https://github.com/FRRouting/frr/issues/11808) to avoid infinite loops

bgpd
    Check mandatory attributes more carefully for update message
    Do not explicitly print maxttl value for ebgp-multihop vty output
    Do not process nlris if the attribute length is zero
    Don't read the first byte of orf header if we are ahead of stream
    Ensure community data is freed in some cases.
    Ensure that the correct aspath is free'd
    Evpn code was not properly unlocking rd_dest
    Fix error handling when receiving bgp prefix sid attribute
    Fix null argument warning
    Fix session reset issue caused by malformed core attributes
    Fix use beyond end of stream of labeled unicast parsing
    Handle mp_reach_nlri malformed packets with session reset
    Ignore handling nlris if we received mp_unreach_nlri
    Include unsuppress-map as a valid outgoing policy
    Prevent from one more cve triggering this place
    Treat eor as withdrawn to avoid unwanted handling of malformed attrs
    Use enum bgp_create_error_code as argument in header
    Use treat-as-withdraw for tunnel encapsulation attribute

isisd
    Fix heap-after-free with prefix sid
    Staticd: need to link directly against libyang

lib
    Fix evpn nexthop config order
    Allow unsetting walltime-warning and cpu-warning
    Make cmd_element->attr a bitmask & clarify
    Replace deprecated ares_gethostbyname
    Replace deprecated ares_process()
  
nhrpd
    Fix nhrp_peer leak
    Fix core dump on shutdown
 
ospf6d
    Fix crash because neighbor structure was freed
    Fix uninitialized warnings
    Ospfv3 route change comparision fixed for asbr-only change
    Stop crash in ospf6_write

ospfd
    Check for nulls in vty code
    Correct opaque lsa extended parser
    Prevent use after free( and crash of ospf ) when no router ospf
    Protect call to get_edge() in ospf_te.c
    Solved crash in ospf te parsing
    Solved crash in ri parsing with ospf te

pimd
    Fix dr-priority range
    Fix null register before aging out reg-stop
    Fix order of operations for evaluating join
    Re-evaluated s,g oils upon rp changes and for empty sg upstream oils

ripd
    Revert "cleanup memory allocations on shutdown"

ripngd
    Revert "cleanup memory allocations on shutdown"

vtysh
    Print uniq lines when parsing `no service ...`

zebra
    Deny the routes if ip protocol cli refers to an undefined rmap
    Fix connected route deletion when multiple entry exists

Full Changelog: frr-8.4.4...frr-8.4.5