rpm package
suse/frr&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
Vulnerabilities (14)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-37458 | Med | 6.5 | | < 8.5.7-8.16.1 | 8.5.7-8.16.1 | May 4, 2026 | Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message. |
| CVE-2026-37457 | Hig | 7.5 | | < 8.5.7-8.16.1 | 8.5.7-8.16.1 | May 1, 2026 | An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component. |
| CVE-2026-28532 | Med | 6.5 | | < 8.5.7-8.16.1 | 8.5.7-8.16.1 | Apr 30, 2026 | FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t values returned by the TLV_SIZE() macro, causing the loop termination condition t |
| CVE-2026-5107 | Med | 4.2 | | < 8.5.7-8.16.1 | 8.5.7-8.16.1 | Mar 30, 2026 | A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack |
| CVE-2025-61107 | — | | | < 8.5.6-8.9.1 | 8.5.6-8.9.1 | Oct 28, 2025 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet. |
| CVE-2025-61106 | — | | | < 8.5.6-8.9.1 | 8.5.6-8.9.1 | Oct 28, 2025 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. |
| CVE-2025-61104 | — | | | < 8.5.6-8.9.1 | 8.5.6-8.9.1 | Oct 28, 2025 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. |
| CVE-2025-61103 | — | | | < 8.5.6-8.9.1 | 8.5.6-8.9.1 | Oct 28, 2025 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. |
| CVE-2025-61105 | — | | | < 8.5.6-8.9.1 | 8.5.6-8.9.1 | Oct 27, 2025 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. |
| CVE-2025-61102 | — | | | < 8.5.6-8.9.1 | 8.5.6-8.9.1 | Oct 27, 2025 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. |
| CVE-2025-61101 | — | | | < 8.5.6-8.9.1 | 8.5.6-8.9.1 | Oct 27, 2025 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. |
| CVE-2025-61100 | — | | | < 8.5.6-8.9.1 | 8.5.6-8.9.1 | Oct 27, 2025 | FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions. |
| CVE-2025-61099 | — | | | < 8.5.6-8.9.1 | 8.5.6-8.9.1 | Oct 27, 2025 | FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet. |
| CVE-2024-55553 | Hig | 7.5 | | < 8.5.6-8.6.1 | 8.5.6-8.6.1 | Jan 6, 2025 | In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by c |