Filtered by vendor Frrouting
Subscribe
Total
35 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-31950 | 1 Frrouting | 1 Frrouting | 2025-05-01 | N/A | N/A |
| In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated). | |||||
| CVE-2024-31951 | 1 Frrouting | 1 Frrouting | 2025-05-01 | N/A | N/A |
| In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated). | |||||
| CVE-2024-34088 | 1 Frrouting | 1 Frrouting | 2025-05-01 | N/A | N/A |
| In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service. | |||||
| CVE-2024-31948 | 1 Frrouting | 1 Frrouting | 2025-05-01 | N/A | N/A |
| In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. | |||||
| CVE-2024-31949 | 1 Frrouting | 1 Frrouting | 2025-05-01 | N/A | N/A |
| In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing. | |||||
| CVE-2024-27913 | 1 Frrouting | 1 Frrouting | 2025-03-26 | N/A | 6.5 MEDIUM |
| ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field. | |||||
| CVE-2022-40302 | 2 Debian, Frrouting | 2 Debian Linux, Frrouting | 2025-01-30 | N/A | 6.5 MEDIUM |
| An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. | |||||
| CVE-2023-46753 | 1 Frrouting | 1 Frrouting | 2024-10-29 | N/A | 5.9 MEDIUM |
| An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute. | |||||
| CVE-2023-41360 | 3 Debian, Fedoraproject, Frrouting | 3 Debian Linux, Fedora, Frrouting | 2024-10-16 | N/A | 9.1 CRITICAL |
| An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. | |||||
| CVE-2024-44070 | 2 Frrouting, Redhat | 2 Frrouting, Enterprise Linux | 2024-08-30 | N/A | 7.5 HIGH |
| An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value. | |||||
| CVE-2023-47234 | 1 Frrouting | 1 Frrouting | 2024-08-22 | N/A | 7.5 HIGH |
| An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes). | |||||
| CVE-2023-47235 | 1 Frrouting | 1 Frrouting | 2024-07-03 | N/A | 7.5 HIGH |
| An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome. | |||||
| CVE-2023-38407 | 1 Frrouting | 1 Frrouting | 2024-07-03 | N/A | 7.5 HIGH |
| bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. | |||||
| CVE-2022-26125 | 1 Frrouting | 1 Frrouting | 2024-07-03 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. | |||||
| CVE-2022-26129 | 1 Frrouting | 1 Frrouting | 2024-07-03 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c. | |||||
| CVE-2022-26127 | 1 Frrouting | 1 Frrouting | 2024-04-28 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c. | |||||
| CVE-2023-38406 | 1 Frrouting | 1 Frrouting | 2024-04-28 | N/A | 9.8 CRITICAL |
| bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow." | |||||
| CVE-2022-26126 | 2 Fedoraproject, Frrouting | 2 Fedora, Frrouting | 2024-04-28 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. | |||||
| CVE-2023-46752 | 1 Frrouting | 1 Frrouting | 2024-04-28 | N/A | 5.9 MEDIUM |
| An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash. | |||||
| CVE-2022-37035 | 1 Frrouting | 1 Frrouting | 2024-04-28 | N/A | 8.1 HIGH |
| An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation. | |||||