Security update for frr (important)

openSUSE security update: security update for frr ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20898-1 Rating: important References: bsc1261013 bsc1263859 bsc1263863 bsc1263974 Cross-References: CVE-2026-28532 CVE-2026-37457 CVE-2026-37458...

CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

CVE-2026-7734

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefixsid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from...

Juniper Junos OS Vulnerability (JSA100080)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100080 advisory. - A Reachable Assertion vulnerability in the Routing Protocol Daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker...

Juniper Junos OS Vulnerability (JSA92867)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA92867 advisory. - An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon rpd allows an unauthenticated, network-based attacker to se...

Juniper Junos OS Vulnerability (JSA100092)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100092 advisory. - A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a local, lo...

Juniper Junos OS Vulnerability (JSA96465)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA96465 advisory. - An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a local,...

Juniper Junos OS Vulnerability (JSA83018)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA83018 advisory. - An Unchecked Return Value vulnerability in the Routing Protocol Daemon rpd on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent,...

ROS-20260417-73-0001

Vulnerability in frr related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

EUVD-2026-9789

IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...

Security update for frr

This update for frr fixes the following issues: CVE-2025-61099: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. bsc1252838 CVE-2025-61100: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. bsc1252829 CVE-2025-61101: Fixed a NULL pointer dereference,...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : FRR vulnerabilities (USN-8046-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8046-1 advisory. It was discovered that FRR incorrectly handled certain malformed OSPF and update packets. A remote attacker could possibly use these...

OPENSUSE-SU-2026:10207-1 frr-10.2.1-4.1 on GA media

These are all security issues fixed in the frr-10.2.1-4.1 package on the GA media of openSUSE Tumbleweed...

CVE-2025-61107 affecting package frr for versions less than 9.1.1-5

CVE-2025-61107 affecting package frr for versions less than 9.1.1-5. A patched version of the package is available...

CVE-2025-59959

An Untrusted Pointer Dereference vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service DoS. When the command 'show route detail' is executed, and at least one of th...

CVE-2025-60011

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices. When an affected device receives a...

CVE-2025-60003

A Buffer Over-read vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. When an affected device receives a BGP update with a set of specific optional transitive...

CVE-2026-21909

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon rpd Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt...

CVE-2026-21909

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon rpd Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt...