CVE-2009-2055

Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service session reset via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009...

CVE-2009-2056

Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service process crash via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path...

CVE-2009-1154

Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service process crash via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute...

CVE-2025-30657

An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon SRRD of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. When a device configured for flow-monitoring receives a specific BGP update message, i...

Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2022-3094]

Summary Redhat provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-3094 Vulnerability Details CVEID:CVE-2022-3094 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the allocation of memory prior to...

Lumma/Amadey: fake CAPTCHAs want to know if you’re human

Attackers are increasingly distributing malware through a rather unusual method: a fake CAPTCHA as the initial infection vector. Researchers from various companies reported this campaign in August and September. The attackers, primarily targeting gamers, initially delivered the Lumma stealer to...

CVE-2024-47507 Junos OS and Junos OS Evolved: BGP update message containing aggregator attribute with an ASN value of zero (0) is accepted

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream devices. When a peer sends a BGP update messa...

CVE-2024-39555 Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP update causes the session to reset

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon RPD of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service DoS. Continued recei...

CBL Mariner 2.0 Security Update: frr (CVE-2023-47234)

The version of frr installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-47234 advisory. - An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE...

The vulnerability of the network routing implementation software on Unix-like systems, related to memory release errors, allows a hacker to cause a service failure.

The vulnerability of the FRRouting software for implementing network routing on Unix-like systems is related to improper processing of the BGP UPDATE message sent with EOR. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

RHEL 5 : quagga (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - quagga: VPNv4 NLRI parser memcpys to stack on unchecked length CVE-2016-2342 - quagga: Double free...

frr: crafted BGP UPDATE message leading to a crash

A flaw was found in FRRouting. A crash can occur for a crafted BGP UPDATE message without mandatory attributes for example, one with only an unknown transit attribute...

PT-2024-40748 · Git +1 · Pcapplusplus

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 2 crash has been reported. The crash involves the pcpp::BgpLayer::getHeaderLen, pcpp::Packet::shortenLayer, and...

DEBIAN-CVE-2024-31948

In FRRouting FRR through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash...

Moderate: Red Hat Security Advisory: frr security update

An update for frr is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

frr: crash from malformed EOR-containing BGP UPDATE message

An issue was found in FRRouting FRR, where a crash may occur when processing a malformed BGP UPDATE message with an EOR...

frr: crash from malformed EOR-containing BGP UPDATE message

An issue was found in FRRouting FRR, where a crash may occur when processing a malformed BGP UPDATE message with an EOR...

frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message

A flaw was found in frr. A crash can occur when processing a crafted BGP UPDATE message with a MPUNREACHNLRI attribute and additional NLRI data that lacks mandatory path attributes...

RHEL 8 : frr (RHSA-2024:1113)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1113 advisory. FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR,...

Oracle Linux 9 : frr (ELSA-2024-0477)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0477 advisory. 8.3.1-11.2 - Add patches for CVE-2023-47235, CVE-2023-47234, CVE-2023-38406, CVE-2023-38407 Tenable has extracted the preceding description block...