Skip to main content

Frrouting

31 CVEs product

Monthly

CVE-2024-44070 HIGH PATCH This Week

An issue was discovered in FRRouting (FRR) through 10.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Frrouting Enterprise Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-34088 HIGH PATCH This Week

In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-31951 MEDIUM PATCH This Month

In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Frrouting
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-31950 MEDIUM PATCH This Month

In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Frrouting
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-31949 MEDIUM PATCH This Month

In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-31948 MEDIUM PATCH This Month

In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-27913 MEDIUM PATCH This Month

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-38407 HIGH PATCH This Week

bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Frrouting
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-38406 CRITICAL PATCH Act Now

bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Frrouting
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-47235 HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-47234 HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-46753 MEDIUM PATCH This Month

An issue was discovered in FRRouting FRR through 9.0.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Frrouting
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2023-46752 MEDIUM PATCH This Month

An issue was discovered in FRRouting FRR through 9.0.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2023-41909 HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Frrouting Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-38802 HIGH POC This Week

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Frrouting Picos Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-41361 CRITICAL PATCH Act Now

An issue was discovered in FRRouting FRR 9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Frrouting Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-41360 CRITICAL PATCH Act Now

An issue was discovered in FRRouting FRR through 9.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Frrouting Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-41359 CRITICAL PATCH Act Now

An issue was discovered in FRRouting FRR through 9.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Frrouting Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-41358 HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Frrouting Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-3748 HIGH This Week

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Frrouting
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-31490 HIGH POC This Week

An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Frrouting Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-31489 MEDIUM POC This Month

An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Frrouting Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-37032 CRITICAL POC PATCH Act Now

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Frrouting Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2022-37035 HIGH POC This Week

An issue was discovered in bgpd in FRRouting (FRR) 8.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Race Condition Information Disclosure Frrouting
NVD GitHub
CVSS 3.1
8.1
EPSS
1.9%
CVE-2022-26129 HIGH POC This Week

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Frrouting
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-26128 HIGH POC This Week

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Frrouting
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-26127 HIGH POC This Week

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Frrouting
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-26126 HIGH POC This Week

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Frrouting Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-26125 HIGH POC This Week

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Frrouting
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-5892 MEDIUM PATCH This Month

bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.0
6.5
EPSS
2.7%
CVE-2017-15865 HIGH This Week

bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Frrouting
NVD
CVSS 3.0
7.5
EPSS
0.5%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in FRRouting (FRR) through 10.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Frrouting Enterprise Linux
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Frrouting
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Frrouting
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Frrouting
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Frrouting
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Frrouting
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

An issue was discovered in FRRouting FRR through 9.0.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Frrouting
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

An issue was discovered in FRRouting FRR through 9.0.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Frrouting
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Frrouting +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Frrouting Picos +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in FRRouting FRR 9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Frrouting Debian Linux
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

An issue was discovered in FRRouting FRR through 9.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Frrouting +2
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

An issue was discovered in FRRouting FRR through 9.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Frrouting +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Frrouting +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Frrouting
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Frrouting Debian Linux +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Frrouting Fedora
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL POC PATCH Act Now

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 2% CVSS 8.1
HIGH POC This Week

An issue was discovered in bgpd in FRRouting (FRR) 8.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Race Condition Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Frrouting
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Frrouting
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Frrouting
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Frrouting Fedora
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Frrouting
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Frrouting
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy