366 matches found
CVE-2026-37459
An integer underflow in FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
EUVD-2026-27047
An integer underflow in FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
CVE-2026-37461
An out-of-bounds read in the ParseIP6Extended function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
CVE-2026-37461
CVE-2026-37461 describes an out-of-bounds read in gobgp v4.3.0, in the ParseIP6Extended function (/bgp/bgp.go). The vulnerability can be exploited by a crafted BGP UPDATE message, leading to a Denial of Service. The provided documents identify the affected component and the root cause, but do not...
CVE-2026-37461
An out-of-bounds read in the ParseIP6Extended function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
CVE-2026-37459
FRRouting (FRR) versions stable/10.0 through stable/10.6 are affected by an integer underflow in BGP UPDATE processing, allowing an attacker to induce a Denial of Service. The vulnerability arises in the handling of crafted BGP UPDATE messages. No explicit exploit details or affected product name...
PT-2026-36875
Name of the Vulnerable Software and Affected Versions FRRouting FRR versions 10.0 through 10.6 Description An integer underflow occurs when a program calculates a value that is smaller than the minimum value the variable can hold, often wrapping around to a very large number. This issue allows...
GoBGP has Remote Denial of Service (Panic) in UpdatePathAttrs4ByteAs via Malformed BGP UPDATE
Summary A remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during the processing of 4-byte AS attributes when the message structure causes an internal slice index shift that is not...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the recvMessageloop process. An attacker can cause the daemon to crash by sending a specially crafted BGP UPDATE message containing an unrecognized Path Attribute marked as "Well-known," which leads to a nil...
GHSA-7235-89M6-F4PX GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute
Summary A remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to interrupt the message handling flow. This results in an illegal memory...
PT-2026-37135
Name of the Vulnerable Software and Affected Versions GoBGP versions prior to 4.4.0 Description A remote Denial of Service DoS issue exists due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to...
Juniper Junos OS Vulnerability (JSA83015)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA83015 advisory. - An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon RPD of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sendin...
MiracleLinux 8 : frr-7.5.1-7.el8.2.ML.1 (AXSA:2023-6437:06)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6437:06 advisory. frr: Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router CVE-2023-38802 Tenable has extracted the preceding...
MiracleLinux 9 : frr-8.3.1-5.el9.2.ML.1 (AXSA:2023-6435:05)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6435:05 advisory. frr: Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router CVE-2023-38802 Tenable has extracted the preceding...
CVE-2025-60003
A Buffer Over-read vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. When an affected device receives a BGP update with a set of specific optional transitive...
PT-2026-3110
Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 22.4R3-S8 Juniper Networks Junos OS versions 23.2 through 23.2R2-S5 Juniper Networks Junos OS versions 23.4 through 23.4R2-S6 Juniper Networks Junos OS versions 24.2 through 24.2R2-S2 Juniper Network...
Siemens Ruggedcom ROX Improper Input Validation (CVE-2023-47234)
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MPUNREACHNLRI attribute and additional NLRI data that lacks mandatory path attributes. This plugin only works with Tenable.ot. Please visit...
Siemens Ruggedcom ROX Incorrect Authorization (CVE-2023-46753)
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
EUVD-2025-33363
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-Of-Service DoS. When an affected system receives a specific BGP EVPN updat...
EUVD-2016-2553
Malware in sbrugna...