Frrouting
by Frrouting
Source repositories
CVEs (30)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31949 | 0.00 | — | 0.01 | Apr 7, 2024 | In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing. | |||
| CVE-2023-38406 | 0.00 | — | 0.01 | Nov 6, 2023 | bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow." | |||
| CVE-2023-3748 | 0.00 | — | 0.01 | Jul 24, 2023 | A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV… | |||
| CVE-2022-40318 | 0.00 | — | 0.02 | May 3, 2023 | An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible… | |||
| CVE-2022-36440 | 0.00 | — | 0.02 | Apr 3, 2023 | A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. | |||
| CVE-2022-26129 | 0.00 | — | 0.01 | Mar 3, 2022 | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c. | |||
| CVE-2022-26128 | 0.00 | — | 0.01 | Mar 3, 2022 | A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c. | |||
| CVE-2022-26127 | 0.00 | — | 0.01 | Mar 3, 2022 | A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c. | |||
| CVE-2022-26126 | 0.00 | — | 0.01 | Mar 3, 2022 | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. | |||
| CVE-2022-26125 | 0.00 | — | 0.01 | Mar 3, 2022 | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. |
- CVE-2024-31949Apr 7, 2024risk 0.00cvss —epss 0.01
In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.
- CVE-2023-38406Nov 6, 2023risk 0.00cvss —epss 0.01
bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."
- CVE-2023-3748Jul 24, 2023risk 0.00cvss —epss 0.01
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV…
- CVE-2022-40318May 3, 2023risk 0.00cvss —epss 0.02
An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible…
- CVE-2022-36440Apr 3, 2023risk 0.00cvss —epss 0.02
A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.
- CVE-2022-26129Mar 3, 2022risk 0.00cvss —epss 0.01
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c.
- CVE-2022-26128Mar 3, 2022risk 0.00cvss —epss 0.01
A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c.
- CVE-2022-26127Mar 3, 2022risk 0.00cvss —epss 0.01
A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c.
- CVE-2022-26126Mar 3, 2022risk 0.00cvss —epss 0.01
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.
- CVE-2022-26125Mar 3, 2022risk 0.00cvss —epss 0.01
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c.
Page 2 of 2