Hello Olivier!

On Tue, Sep 23, 2025 at 06:05:08PM +0200, Olivier Cochard-Labbé wrote:

Thanks for this fix. Could you please provide the list of impacted versions for the CVE? Specifically, are versions 3.1.1 and 3.1.2 impacted too ?

Yes. 3.0.x where x < 5, and 3.1.y where y < 4, all are impacted. BIRD 2 is not affected. The crashing assert is directly related to the multithreaded environment.

I hope that now it’s clear, sorry for any confusion.
Maria

–
Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.