VYPR

rpm package

suse/frr&distro=SUSE Linux Enterprise Module for Server Applications 15 SP7

pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7

Vulnerabilities (14)

  • CVE-2026-37458 | Medium | May 4, 2026
    affected < 8.5.7-150500.4.43.1 | fixed 8.5.7-150500.4.43.1

    Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.

  • CVE-2026-37457 | High | May 1, 2026
    affected < 8.5.7-150500.4.43.1 | fixed 8.5.7-150500.4.43.1

    An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component.

  • CVE-2026-28532 | Medium | Apr 30, 2026
    affected < 8.5.7-150500.4.43.1 | fixed 8.5.7-150500.4.43.1

    FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t values returned by the TLV_SIZE() macro, causing the loop termination condition t

  • CVE-2026-5107 | Medium | Mar 30, 2026
    affected < 8.5.7-150500.4.43.1 | fixed 8.5.7-150500.4.43.1

    A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack

  • CVE-2025-61107 | Oct 28, 2025
    affected < 8.5.6-150500.4.36.1 | fixed 8.5.6-150500.4.36.1

    FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.

  • CVE-2025-61106 | Oct 28, 2025
    affected < 8.5.6-150500.4.36.1 | fixed 8.5.6-150500.4.36.1

    FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

  • CVE-2025-61104 | Oct 28, 2025
    affected < 8.5.6-150500.4.36.1 | fixed 8.5.6-150500.4.36.1

    FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

  • CVE-2025-61103 | Oct 28, 2025
    affected < 8.5.6-150500.4.36.1 | fixed 8.5.6-150500.4.36.1

    FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

  • CVE-2025-61105 | Oct 27, 2025
    affected < 8.5.6-150500.4.36.1 | fixed 8.5.6-150500.4.36.1

    FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

  • CVE-2025-61102 | Oct 27, 2025
    affected < 8.5.6-150500.4.36.1 | fixed 8.5.6-150500.4.36.1

    FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

  • CVE-2025-61101 | Oct 27, 2025
    affected < 8.5.6-150500.4.36.1 | fixed 8.5.6-150500.4.36.1

    FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

  • CVE-2025-61100 | Oct 27, 2025
    affected < 8.5.6-150500.4.36.1 | fixed 8.5.6-150500.4.36.1

    FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions.

  • CVE-2025-61099 | Oct 27, 2025
    affected < 8.5.6-150500.4.36.1 | fixed 8.5.6-150500.4.36.1

    FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.

  • CVE-2024-55553 | High | Jan 6, 2025
    affected < 8.5.6-150500.4.33.1 | fixed 8.5.6-150500.4.33.1

    In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by c