Frrouting

frrouting

Vendor: Frrouting • 48 CVEs

CVEs (48)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-37458 1Frrouting 1Frrouting May 11, 2026 May 4, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.
CVE-2026-37457 1Frrouting 1Frrouting May 29, 2026 May 1, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a craft...Show more An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component.Show less
CVE-2026-28532 1Frrouting 1Frrouting May 1, 2026 Apr 30, 2026 6.0 MEDIUM· v4 6.5 MEDIUM· v3 N/A· v2 FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t values returned by th...Show more FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t values returned by the TLV_SIZE() macro, causing the loop termination condition to fail while pointer advancement continues unchecked. Attackers with an established OSPF adjacency can send a crafted LS Update packet with a malicious Type 10 or Type 11 Opaque LSA to trigger out-of-bounds memory reads and crash all affected routers in the OSPF area or autonomous system.Show less
CVE-2026-5107 1Frrouting 1Frrouting Apr 29, 2026 Mar 30, 2026 2.3 LOW· v4 4.2 MEDIUM· v3 3.6 LOW· v2 A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper acces...Show more A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.Show less
CVE-2025-61107 1Frrouting 1Frrouting Oct 31, 2025 Oct 28, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (Do...Show more FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.Show less
CVE-2025-61106 1Frrouting 1Frrouting Oct 31, 2025 Oct 28, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (Do...Show more FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.Show less
CVE-2025-61104 1Frrouting 1Frrouting Oct 31, 2025 Oct 28, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via...Show more FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.Show less
CVE-2025-61103 1Frrouting 1Frrouting Oct 31, 2025 Oct 28, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service...Show more FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.Show less
CVE-2025-61105 1Frrouting 1Frrouting Nov 3, 2025 Oct 27, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a...Show more FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.Show less
CVE-2025-61102 1Frrouting 1Frrouting Nov 3, 2025 Oct 27, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS...Show more FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.Show less
CVE-2025-61101 1Frrouting 1Frrouting Nov 3, 2025 Oct 27, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service...Show more FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.Show less
CVE-2025-61100 1Frrouting 1Frrouting Nov 3, 2025 Oct 27, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS)...Show more FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions.Show less
CVE-2025-61099 1Frrouting 1Frrouting Nov 3, 2025 Oct 27, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) vi...Show more FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.Show less
CVE-2024-44070 2Frrouting Redhat 2Enterprise Linux Frrouting Nov 4, 2025 Aug 19, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.
CVE-2024-34088 1Frrouting 1Frrouting May 1, 2025 Apr 30, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon...Show more In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.Show less
CVE-2024-31951 1Frrouting 1Frrouting May 1, 2025 Apr 7, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SI...Show more In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).Show less
CVE-2024-31950 1Frrouting 1Frrouting May 1, 2025 Apr 7, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).
CVE-2024-31949 1Frrouting 1Frrouting Nov 4, 2025 Apr 7, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.
CVE-2024-31948 1Frrouting 1Frrouting Nov 4, 2025 Apr 7, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.
CVE-2024-27913 1Frrouting 1Frrouting Mar 26, 2025 Feb 28, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing at...Show more ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.Show less

12 3 Next