rpm package
suse/frr&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP6
pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-37458 | Med | 6.5 | | < 8.5.7-150500.4.43.1 | 8.5.7-150500.4.43.1 | May 4, 2026 | Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message. |
| CVE-2026-37457 | High | 7.5 | | < 8.5.7-150500.4.43.1 | 8.5.7-150500.4.43.1 | May 1, 2026 | An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component. |
| CVE-2026-28532 | Med | 6.5 | | < 8.5.7-150500.4.43.1 | 8.5.7-150500.4.43.1 | Apr 30, 2026 | FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t values returned by the TLV_SIZE() macro, causing the loop termination condition t |
| CVE-2026-5107 | Med | 4.2 | | < 8.5.7-150500.4.43.1 | 8.5.7-150500.4.43.1 | Mar 30, 2026 | A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack |