frrouting · threatengine.sh

CVE-2026-37458

>= 10.0 and <= 10.6.0

Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attacke

6.5MEDIUM

CVE-2026-28532

< 10.5.3

FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parse

6.5MEDIUM

CVE-2026-5107

all versions

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_e

4.2MEDIUM

CVE-2025-61107

>= 4.0 and <= 10.4.1

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid fu

7.5HIGH

CVE-2025-61106

>= 4.0 and <= 10.4.1

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid fu

7.5HIGH

CVE-2025-61104

>= 4.0 and <= 10.4.1

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function

7.5HIGH

CVE-2025-61103

>= 4.0 and <= 10.4.1

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid

7.5HIGH

CVE-2025-61105

>= 4.0 and <= 10.4.1

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function a

7.5HIGH

CVE-2025-61102

>= 4.0 and <= 10.4.1

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid fun

7.5HIGH

CVE-2025-61101

>= 4.0 and <= 10.4.1

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_add

7.5HIGH

CVE-2025-61100

>= 2.0 and <= 10.4.1

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function

7.5HIGH

CVE-2025-61099

>= 2.0 and <= 10.4.1

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function a

7.5HIGH

CVE-2024-44070

<= 10.1

An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining str

7.5HIGH

CVE-2024-34088

<= 9.1

In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointe

7.5HIGH

CVE-2024-31951

<= 9.1

In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_

6.5MEDIUM

CVE-2024-31950

<= 9.1

In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an

6.5MEDIUM

CVE-2024-31949

<= 9.1

In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malfo

6.5MEDIUM

CVE-2024-31948

<= 9.1

In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemo

6.5MEDIUM

CVE-2024-27913

< 9.0

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd dae

6.5MEDIUM

CVE-2023-38407

< 8.5

bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.

7.5HIGH

CVE-2023-38406

< 8.4.3

bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."

9.8CRITICAL

CVE-2023-47235

<= 9.0.1

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is proce

7.5HIGH

CVE-2023-47234

<= 9.0.1

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_U

7.5HIGH

CVE-2023-46753

<= 9.0.1

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attri

5.9MEDIUM

CVE-2023-46752

<= 9.0.1

An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.

5.9MEDIUM

CVE-2023-41909

<= 9.0

An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests

7.5HIGH

CVE-2023-38802

>= 7.5.1 and <= 9.0

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP upd

7.5HIGH

CVE-2023-41361

<= 9.0

An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software versio

9.8CRITICAL

CVE-2023-41360

<= 9.0

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of

9.1CRITICAL

CVE-2023-41359

<= 9.0

An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c bec

9.1CRITICAL

CVE-2023-41358

<= 9.0

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.

7.5HIGH

CVE-2023-3748

< 8.5

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may a

3.5LOW

CVE-2023-31490

all versions

An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() functio

7.5HIGH

CVE-2023-31489

all versions

An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() funct

5.5MEDIUM

CVE-2022-43681

<= 8.4

An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends w

6.5MEDIUM

CVE-2022-40318

<= 8.4

An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extend

6.5MEDIUM

CVE-2022-40302

<= 8.4

An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extend

6.5MEDIUM

CVE-2022-36440

all versions

A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously con

7.5HIGH

CVE-2022-37032

< 8.4

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This o

9.1CRITICAL

CVE-2022-37035

all versions

An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, t

8.1HIGH

CVE-2022-26129

<= 8.1

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_

7.8HIGH

CVE-2022-26128

<= 8.1

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_pac

7.8HIGH

CVE-2022-26127

<= 8.1

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_p

7.8HIGH

CVE-2022-26126

< 8.2

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string

7.8HIGH

CVE-2022-26125

<= 8.1

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs

7.8HIGH

CVE-2019-5892

>= 2.0 and <= 2.0.2

bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2

6.5MEDIUM

CVE-2017-15865

< 2.0.2

bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote

7.5HIGH