39 matches found
frr: denial of service via crafted FlowSpec component
A flaw was found in FRRouting FRR. A remote attacker can exploit an off-by-one out-of-bounds write vulnerability in the bgpflowspecopdecode function by supplying a specially crafted FlowSpec component. This issue can lead to a Denial of Service DoS...
CVE-2026-37457
An off-by-one out-of-bounds write vulnerability in the bgpflowspecopdecode function bgpd/bgpflowspecutil.c of FRRouting FRR stable/10.0 allows attackers to cause a Denial of Service DoS via supplying a crafted FlowSpec component...
UBUNTU-CVE-2026-37457
An off-by-one out-of-bounds write vulnerability in the bgpflowspecopdecode function bgpd/bgpflowspecutil.c of FRRouting FRR stable/10.0 allows attackers to cause a Denial of Service DoS via supplying a crafted FlowSpec component...
CVE-2026-37457
An off-by-one out-of-bounds write vulnerability in the bgpflowspecopdecode function bgpd/bgpflowspecutil.c of FRRouting FRR stable/10.0 allows attackers to cause a Denial of Service DoS via supplying a crafted FlowSpec component...
CVE-2026-37457
An off-by-one out-of-bounds write vulnerability in the bgpflowspecopdecode function bgpd/bgpflowspecutil.c of FRRouting FRR stable/10.0 allows attackers to cause a Denial of Service DoS via supplying a crafted FlowSpec component...
CVE-2026-37457
An off-by-one out-of-bounds write vulnerability in the bgpflowspecopdecode function bgpd/bgpflowspecutil.c of FRRouting FRR stable/10.0 allows attackers to cause a Denial of Service DoS via supplying a crafted FlowSpec component...
EUVD-2021-18277
Malware in sbrugna...
EUVD-2014-6270
Malware in sbrugna...
EUVD-2019-0810
Malware in sbrugna...
EUVD-2021-2830
Malicious code in bioql PyPI...
EUVD-2024-48006
Malicious code in bioql PyPI...
EUVD-2023-32582
Malicious code in bioql PyPI...
CVE-2024-6437
On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing PBR, BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP options may bypass the feature's set nexthop action a...
CVE-2024-6437
CVE-2024-6437 affects Arista EOS when policy-based routing (PBR), BGP Flowspec, or interface traffic policy is configured to redirect traffic to a next hop. The issue causes certain IPv4 packets (e.g., with IP options) to bypass the configured nexthop and be slow-path forwarded by the kernel to t...
CVE-2024-6437 On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP options ma
On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing PBR, BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP options may bypass the feature's set nexthop action a...
PT-2025-3683 · Arista · Arista Eos
Name of the Vulnerable Software and Affected Versions: Arista EOS versions prior to 4.32.1F Description: The issue affects Arista EOS platforms with features like policy-based routing PBR, BGP Flowspec, or interface traffic policy configured to redirect IP traffic to a next hop. Certain IP traffi...
Security Advisory 0108
Security Advisory 0108 . CSAF PDF Date: December 5, 2024 Revision | Date | Changes ---|---|--- 1.0 | November 26, 2024 | Initial release 1.1 | December 5, 2024 | Update the affected and fixed EOS versions The CVE-ID tracking this issue: CVE-2024-6437 CVSSv3.1 Base Score: 5.8 CVSS:3.1/...
USN-6436-1: FRR vulnerabilities
It was discovered that the FRR did not properly check the attribute length in NRLI. A remote attacker could possibly use this issue to cause a denial of service. CVE-2023-41358 It was discovered that the FRR did not properly manage memory when reading initial bytes of ORF header. A remote attacke...
Ubuntu: Security Advisory (USN-6436-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-41909
An issue was discovered in FRRouting FRR through 9.0. bgpnlriparseflowspec in bgpd/bgpflowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference...