VYPR

Frr

by Frrouting

Source repositories

CVEs (44)

  • CVE-2022-37035HigAug 2, 2022
    risk 0.53cvss 8.1epss 0.02

    An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP…

  • CVE-2022-26129HigMar 3, 2022
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c.

  • CVE-2022-26128HigMar 3, 2022
    risk 0.51cvss 7.8epss 0.01

    A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c.

  • CVE-2022-26127HigMar 3, 2022
    risk 0.51cvss 7.8epss 0.01

    A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c.

  • CVE-2022-26126HigMar 3, 2022
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.

  • CVE-2022-26125HigMar 3, 2022
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c.

  • CVE-2023-38802HigAug 29, 2023
    risk 0.49cvss 7.5epss 0.01

    FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).

  • CVE-2023-31490HigMay 9, 2023
    risk 0.49cvss 7.5epss 0.02

    An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.

  • CVE-2017-15865HigNov 8, 2017
    risk 0.49cvss 7.5epss 0.02

    bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few…

  • CVE-2026-37460HigJun 3, 2026
    risk 0.42cvss 7.5epss 0.00

    Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

  • CVE-2024-55553HigJan 6, 2025
    risk 0.42cvss 7.5epss 0.01

    In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by…

  • CVE-2022-43681MedMay 3, 2023
    risk 0.42cvss 6.5epss 0.02

    An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet,…

  • CVE-2022-40318MedMay 3, 2023
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible…

  • CVE-2022-40302MedMay 3, 2023
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible…

  • CVE-2023-31489MedMay 9, 2023
    risk 0.36cvss 5.5epss 0.01

    An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function.

  • CVE-2025-61107HigOct 28, 2025
    risk 0.00cvss 7.5epss 0.01

    FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.

  • CVE-2025-61106HigOct 28, 2025
    risk 0.00cvss 7.5epss 0.01

    FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

  • CVE-2025-61104HigOct 28, 2025
    risk 0.00cvss 7.5epss 0.01

    FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

  • CVE-2025-61103HigOct 28, 2025
    risk 0.00cvss 7.5epss 0.01

    FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

  • CVE-2025-61105HigOct 27, 2025
    risk 0.00cvss 7.5epss 0.00

    FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

Page 1 of 3