SUSE-SU-2026:2121-1 Security update for frr

This update for frr fixes the following issues: - CVE-2025-61099: NULL Pointer Dereference in FRRouting bsc1252838. - CVE-2025-61100: NULL Pointer Dereference in FRRouting bsc1252829. - CVE-2025-61101: NULL Pointer Dereference in FRRouting bsc1252833. - CVE-2025-61102: NULL Pointer Dereference in...

UBUNTU-CVE-2026-30405

An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXTHOP path attribute...

CVE-2026-30405

An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXTHOP path attribute...

MiracleLinux 9 : frr-8.3.1-5.el9.ML.1 (AXSA:2023-5523:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5523:02 advisory. frr: out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service CVE-2022-37032 Tenable has extracted the preceding...

CVE-2023-45886

The BGP daemon bgpd in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute...

CVE-2023-40457

The BGP daemon in Extreme Networks ExtremeXOS aka EXOS 30.7.1.1 allows an attacker who is not on a directly connected network to cause a denial of service BGP session reset because of BGP attribute error mishandling for attribute 21 and 25. NOTE: the vendor disputes this because it is "evaluating...

Siemens Ruggedcom ROX Out-of-bounds Read (CVE-2022-37032)

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgpcapabilitymsgparse in bgpd/bgppacket.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

PT-2026-25770

Name of the Vulnerable Software and Affected Versions GoBGP versions 4.2.0 Description An issue allows a remote attacker to cause a denial of service via the NEXT HOP path attribute. The issue resides in the handling of the NEXT HOP path attribute within the GoBGP software. Recommendations At the...

EUVD-2018-17152

Malware in sbrugna...

EUVD-2018-17150

Malware in sbrugna...

EUVD-2018-9292

Malware in sbrugna...

EUVD-2019-6979

Malware in sbrugna...

EUVD-2022-39686

Malicious code in bioql PyPI...

EUVD-2023-50149

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-37032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgpcapabilitymsgparse...

Alibaba Cloud Linux 3 : 0073: frr (ALINUX3-SA-2023:0073)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0073 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-37032: An out-of-bounds read in the BGP...

Linux Distros Unpatched Vulnerability : CVE-2018-5381

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Quagga BGP daemon bgpd prior to version 1.2.3 has a bug in its parsing of Capabilities in BGP OPEN messages, in the bgppacket.c:bgpcapabilitymsgparse...

Linux Distros Unpatched Vulnerability : CVE-2018-5380

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Quagga BGP daemon bgpd prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input...

CVE-2023-40457

Affected software: Extreme Networks ExtremeXOS (EXOS) 30.7.1.1 running BGP daemon. Issue: BGP UPDATE attribute error mishandling for path attributes 21 and 25 can allow a remote attacker (not necessarily on a directly connected network) to trigger a denial-of-service by resetting BGP sessions. Ve...

CVE-2023-40457

The BGP daemon in Extreme Networks ExtremeXOS aka EXOS 30.7.1.1 allows an attacker who is not on a directly connected network to cause a denial of service BGP session reset because of BGP attribute error mishandling for attribute 21 and 25. NOTE: the vendor disputes this because it is "evaluating...