Frrouting

by Frrouting

CVEs (30)

  • CVE-2024-31949 · Apr 7, 2024
    risk 0.00 · cvss · epss 0.01

    In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.

  • CVE-2023-38406 · Nov 6, 2023
    risk 0.00 · cvss · epss 0.01

    bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."

  • CVE-2023-3748 · Jul 24, 2023
    risk 0.00 · cvss · epss 0.01

    A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV…

  • CVE-2022-40318 · May 3, 2023
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible…

  • CVE-2022-36440 · Apr 3, 2023
    risk 0.00 · cvss · epss 0.02

    A reachable assertion was found in FRRouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP OPEN packets and send them to BGP peers running frr-bgpd, resulting in DoS.

  • CVE-2022-26129 · Mar 3, 2022
    risk 0.00 · cvss · epss 0.01

    Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c.

  • CVE-2022-26128 · Mar 3, 2022
    risk 0.00 · cvss · epss 0.01

    A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c.

  • CVE-2022-26127 · Mar 3, 2022
    risk 0.00 · cvss · epss 0.01

    A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a missing check on the input packet length in the babel_packet_examin function in babeld/message.c.

  • CVE-2022-26126 · Mar 3, 2022
    risk 0.00 · cvss · epss 0.01

    Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.

  • CVE-2022-26125 · Mar 3, 2022
    risk 0.00 · cvss · epss 0.01

    Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c.

Page 2 of 2