VYPR

Frr

by Frrouting

Source repositories

CVEs (44)

  • CVE-2025-61102HigOct 27, 2025
    risk 0.00cvss 7.5epss 0.00

    FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

  • CVE-2025-61101HigOct 27, 2025
    risk 0.00cvss 7.5epss 0.00

    FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

  • CVE-2025-61100HigOct 27, 2025
    risk 0.00cvss 7.5epss 0.00

    FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions.

  • CVE-2025-61099HigOct 27, 2025
    risk 0.00cvss 7.5epss 0.00

    FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.

  • CVE-2024-34088HigApr 30, 2024
    risk 0.00cvss 7.5epss 0.01

    In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.

  • CVE-2024-31951MedApr 7, 2024
    risk 0.00cvss 6.5epss 0.01

    In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).

  • CVE-2024-31950MedApr 7, 2024
    risk 0.00cvss 6.5epss 0.01

    In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).

  • CVE-2024-31949MedApr 7, 2024
    risk 0.00cvss 6.5epss 0.01

    In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.

  • CVE-2024-31948MedApr 7, 2024
    risk 0.00cvss 6.5epss 0.01

    In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.

  • CVE-2024-27913MedFeb 28, 2024
    risk 0.00cvss 6.5epss 0.00

    ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.

  • CVE-2023-38407HigNov 6, 2023
    risk 0.00cvss 7.5epss 0.01

    bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.

  • CVE-2023-38406CriNov 6, 2023
    risk 0.00cvss 9.8epss 0.01

    bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."

  • CVE-2023-47235HigNov 3, 2023
    risk 0.00cvss 7.5epss 0.01

    An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.

  • CVE-2023-47234HigNov 3, 2023
    risk 0.00cvss 7.5epss 0.01

    An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).

  • CVE-2023-46753MedOct 26, 2023
    risk 0.00cvss 5.9epss 0.01

    An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.

  • CVE-2023-46752MedOct 26, 2023
    risk 0.00cvss 5.9epss 0.01

    An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.

  • CVE-2023-41909HigSep 5, 2023
    risk 0.00cvss 7.5epss 0.01

    An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.

  • CVE-2023-41361CriAug 29, 2023
    risk 0.00cvss 9.8epss 0.01

    An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.

  • CVE-2023-41360CriAug 29, 2023
    risk 0.00cvss 9.1epss 0.01

    An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.

  • CVE-2023-41359CriAug 29, 2023
    risk 0.00cvss 9.1epss 0.01

    An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.