Medium severity 6.5 · NVD Advisory · Published Apr 30, 2026 · Updated May 1, 2026
CVE-2026-28532
Description
FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t values returned by the TLV_SIZE() macro, causing the loop termination condition to fail while pointer advancement continues unchecked. Attackers with an established OSPF adjacency can send a crafted LS Update packet with a malicious Type 10 or Type 11 Opaque LSA to trigger out-of-bounds memory reads and crash all affected routers in the OSPF area or autonomous system.
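The truncation pattern described above, reduced to a minimal TLV walker beside its hardened form. This is an added illustration, not FRR's code: the TLV layout, the tlv_size() helper standing in for the TLV_SIZE() macro, the function names and the sample buffers are all constructed for the example.

```c
#include <stdint.h>
/* Illustrative TLV layout (constructed for this example, not FRR's own code):
 * 2-byte type, 2-byte payload length, big-endian, payload padded to 4 bytes. */
#define TLV_HDR_SIZE 4u
#define TLV_ROUNDUP(n) (((n) + 3u) & ~3u)
static uint32_t rd16(const uint8_t *p) { return ((uint32_t)p[0] << 8) | p[1]; }

/* Whole-TLV size, header + padded payload, as a 32-bit value: a length field of
 * 0xFFFF yields 0x10004, which does not fit in a uint16_t. */
static uint32_t tlv_size(const uint8_t *tlv) { return TLV_HDR_SIZE + TLV_ROUNDUP(rd16(tlv + 2)); }

/* Pre-fix pattern: a uint16_t running total truncates tlv_size() on assignment,
 * so "sum < total" keeps passing while the cursor runs past the buffer end.
 * The cursor is an offset and every read is guarded, so this demo itself never
 * touches out-of-bounds memory. Returns 1 if the walk left the buffer, else 0. */
int walk_tlvs_truncating(const uint8_t *buf, uint16_t total)
{
    uint16_t sum = 0;  /* the narrowing accumulator */
    uint32_t off = 0;  /* where the cursor really is */
    while (sum < total) {
        if (off + TLV_HDR_SIZE > total)
            return 1;                 /* next header read would be out of bounds */
        uint32_t sz = tlv_size(buf + off);
        sum += (uint16_t)sz;          /* 0x10004 is stored as 4 */
        off += sz;                    /* but the cursor advances by the full 0x10004 */
    }
    return 0;
}

/* Hardened walk: 32-bit accumulator plus a check that each TLV fits in the
 * bytes that remain. Returns the TLV count, or -1 for a malformed buffer. */
int walk_tlvs_checked(const uint8_t *buf, uint32_t total)
{
    uint32_t off = 0;
    int count = 0;
    while (off < total) {
        if (total - off < TLV_HDR_SIZE)
            return -1;                /* truncated header */
        uint32_t sz = tlv_size(buf + off);
        if (sz > total - off)
            return -1;                /* TLV claims more bytes than remain */
        off += sz;
        count++;
    }
    return count;
}
/* Constructed sample buffers: two well-formed TLVs, and one whose length field
 * (0xFFFF) claims far more than the 8 bytes actually present. */
const uint8_t GOOD_TLVS[16] = { 0,1, 0,2, 0xAA,0xBB,0,0,  0,2, 0,4, 1,2,3,4 };
const uint8_t BAD_LEN_TLV[8] = { 0,1, 0xFF,0xFF, 0,0,0,0 };
```

The checked walker also rejects a buffer cut off mid-header (for example the first 10 bytes of GOOD_TLVS), a case the accumulator width alone does not cover.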
Affected products
12 package versions (OSV coordinates, no CPE):
- openSUSE Tumbleweed (pkg:rpm/opensuse/frr): < 10.6.1-1.1
- SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS (pkg:rpm/suse/frr): < 8.5.7-150500.4.43.1
- SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS (pkg:rpm/suse/frr): < 8.5.7-150500.4.43.1
- SUSE Linux Enterprise Module for Server Applications 15 SP7 (pkg:rpm/suse/frr): < 8.5.7-150500.4.43.1
- SUSE Linux Enterprise Server 12 SP5-LTSS (pkg:rpm/suse/frr): < 8.5.7-8.16.1
- SUSE Linux Enterprise Server 15 SP5-LTSS (pkg:rpm/suse/frr): < 8.5.7-150500.4.43.1
- SUSE Linux Enterprise Server 15 SP6-LTSS (pkg:rpm/suse/frr): < 8.5.7-150500.4.43.1
- SUSE Linux Enterprise Server 16.0 (pkg:rpm/suse/frr): < 10.2.6-160000.1.1
- SUSE Linux Enterprise Server for SAP Applications 15 SP5 (pkg:rpm/suse/frr): < 8.5.7-150500.4.43.1
- SUSE Linux Enterprise Server for SAP Applications 15 SP6 (pkg:rpm/suse/frr): < 8.5.7-150500.4.43.1
- SUSE Linux Enterprise Server for SAP applications 16.0 (pkg:rpm/suse/frr): < 10.2.6-160000.1.1
- SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 (pkg:rpm/suse/frr): < 8.5.7-8.16.1
References
- github.com/FRRouting/frr/commit/f098decf02987fbf1c891766c1516ac832adadfd (NVD: Patch)
- github.com/FRRouting/frr/pull/21002 (NVD: Issue Tracking, Patch)
- www.vulncheck.com/advisories/frrouting-integer-overflow-in-ospf-tlv-parser-functions (NVD: Third Party Advisory)
- github.com/FRRouting/frr/releases/tag/frr-10.5.3 (NVD: Release Notes)