rpm package

opensuse/frr&distro=openSUSE Leap 15.6

pkg:rpm/opensuse/frr&distro=openSUSE%20Leap%2015.6

Vulnerabilities (29)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-61107		—	< 8.5.6-150500.4.36.1	8.5.6-150500.4.36.1	Oct 28, 2025	FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.
CVE-2025-61106		—	< 8.5.6-150500.4.36.1	8.5.6-150500.4.36.1	Oct 28, 2025	FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61104		—	< 8.5.6-150500.4.36.1	8.5.6-150500.4.36.1	Oct 28, 2025	FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61103		—	< 8.5.6-150500.4.36.1	8.5.6-150500.4.36.1	Oct 28, 2025	FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61105		—	< 8.5.6-150500.4.36.1	8.5.6-150500.4.36.1	Oct 27, 2025	FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61102		—	< 8.5.6-150500.4.36.1	8.5.6-150500.4.36.1	Oct 27, 2025	FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61101		—	< 8.5.6-150500.4.36.1	8.5.6-150500.4.36.1	Oct 27, 2025	FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61100		—	< 8.5.6-150500.4.36.1	8.5.6-150500.4.36.1	Oct 27, 2025	FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions.
CVE-2025-61099		—	< 8.5.6-150500.4.36.1	8.5.6-150500.4.36.1	Oct 27, 2025	FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.
CVE-2024-55553	Hig	7.5	< 8.5.6-150500.4.33.1	8.5.6-150500.4.33.1	Jan 6, 2025	In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by c
CVE-2024-44070		—	< 8.4-150500.4.26.1	8.4-150500.4.26.1	Aug 19, 2024	An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.
CVE-2024-34088		—	< 8.4-150500.4.23.1	8.4-150500.4.23.1	Apr 30, 2024	In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.
CVE-2024-31951		—	< 8.4-150500.4.23.1	8.4-150500.4.23.1	Apr 7, 2024	In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).
CVE-2024-31950		—	< 8.4-150500.4.23.1	8.4-150500.4.23.1	Apr 7, 2024	In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).
CVE-2024-31948		—	< 8.5.6-150500.4.30.1	8.5.6-150500.4.30.1	Apr 7, 2024	In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.
CVE-2024-27913		—	< 8.5.6-150500.4.30.1	8.5.6-150500.4.30.1	Feb 28, 2024	ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.
CVE-2023-38407		—	< 8.5.6-150500.4.30.1	8.5.6-150500.4.30.1	Nov 6, 2023	bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
CVE-2023-38406		—	< 8.5.6-150500.4.30.1	8.5.6-150500.4.30.1	Nov 6, 2023	bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."
CVE-2023-47235		—	< 8.5.6-150500.4.30.1	8.5.6-150500.4.30.1	Nov 3, 2023	An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.
CVE-2023-47234		—	< 8.5.6-150500.4.30.1	8.5.6-150500.4.30.1	Nov 3, 2023	An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).

CVE-2025-61107Oct 28, 2025
affected < 8.5.6-150500.4.36.1fixed 8.5.6-150500.4.36.1
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.
CVE-2025-61106Oct 28, 2025
affected < 8.5.6-150500.4.36.1fixed 8.5.6-150500.4.36.1
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61104Oct 28, 2025
affected < 8.5.6-150500.4.36.1fixed 8.5.6-150500.4.36.1
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61103Oct 28, 2025
affected < 8.5.6-150500.4.36.1fixed 8.5.6-150500.4.36.1
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61105Oct 27, 2025
affected < 8.5.6-150500.4.36.1fixed 8.5.6-150500.4.36.1
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61102Oct 27, 2025
affected < 8.5.6-150500.4.36.1fixed 8.5.6-150500.4.36.1
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61101Oct 27, 2025
affected < 8.5.6-150500.4.36.1fixed 8.5.6-150500.4.36.1
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVE-2025-61100Oct 27, 2025
affected < 8.5.6-150500.4.36.1fixed 8.5.6-150500.4.36.1
FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions.
CVE-2025-61099Oct 27, 2025
affected < 8.5.6-150500.4.36.1fixed 8.5.6-150500.4.36.1
FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.
CVE-2024-55553HigJan 6, 2025
affected < 8.5.6-150500.4.33.1fixed 8.5.6-150500.4.33.1
In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by c
CVE-2024-44070Aug 19, 2024
affected < 8.4-150500.4.26.1fixed 8.4-150500.4.26.1
An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.
CVE-2024-34088Apr 30, 2024
affected < 8.4-150500.4.23.1fixed 8.4-150500.4.23.1
In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.
CVE-2024-31951Apr 7, 2024
affected < 8.4-150500.4.23.1fixed 8.4-150500.4.23.1
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).
CVE-2024-31950Apr 7, 2024
affected < 8.4-150500.4.23.1fixed 8.4-150500.4.23.1
In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).
CVE-2024-31948Apr 7, 2024
affected < 8.5.6-150500.4.30.1fixed 8.5.6-150500.4.30.1
In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.
CVE-2024-27913Feb 28, 2024
affected < 8.5.6-150500.4.30.1fixed 8.5.6-150500.4.30.1
ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.
CVE-2023-38407Nov 6, 2023
affected < 8.5.6-150500.4.30.1fixed 8.5.6-150500.4.30.1
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
CVE-2023-38406Nov 6, 2023
affected < 8.5.6-150500.4.30.1fixed 8.5.6-150500.4.30.1
bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."
CVE-2023-47235Nov 3, 2023
affected < 8.5.6-150500.4.30.1fixed 8.5.6-150500.4.30.1
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.
CVE-2023-47234Nov 3, 2023
affected < 8.5.6-150500.4.30.1fixed 8.5.6-150500.4.30.1
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).

Page 1 of 2