CLSA-2026-1778238289 frr: Fix of 4 CVEs

CVE-2022-43681: fix bgpd crash on malformed BGP OPEN messages with insufficient data - CVE-2022-40318: fix out-of-bounds read in bgpopenoptionparse with extended option params - CVE-2023-31489: fix out-of-bounds read in BGP Long-lived Graceful-Restart capability parsing - CVE-2023-46752: fix bgpd...

CVE-2026-5122

A flaw was found in osrg GoBGP. A remote attacker could exploit a vulnerability in the BGP OPEN Message Handler by manipulating the domainNameLen argument within the DecodeFromBytes function. This could lead to improper access controls, potentially allowing unauthorized access or modification of...

Linux Distros Unpatched Vulnerability : CVE-2026-5122

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP...

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the CapFQDN.DecodeFromBytes function of the BGP OPEN Message Handler. An attacker can bypass intended access controls by manipulating the domainNameLen argument remotely, potentially resulting in...

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the CapFQDN.DecodeFromBytes function of the BGP OPEN Message Handler. An attacker can bypass intended access controls by manipulating the domainNameLen argument remotely, potentially resulting in...

CVE-2026-5122

A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP OPEN Message Handler. Performing a manipulation of the argument domainNameLen results in improper access controls. The attack may be...

UBUNTU-CVE-2026-5122

A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP OPEN Message Handler. Performing a manipulation of the argument domainNameLen results in improper access controls. The attack may be...

CVE-2026-5122

A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP OPEN Message Handler. Performing a manipulation of the argument domainNameLen results in improper access controls. The attack may be...

An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.

...

Medium: wireshark

Issue Overview: An issue in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissectbgpopentvbuffttvb, prototreetree, packetinfopinfo, optlen components. CVE-2024-24478 Affected Packages: wireshark Issue Correction: Run dnf update...

AZL-43822 CVE-2024-24478 affecting package wireshark 4.0.8-1

An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissectbgpopentvbuffttvb, prototreetree, packetinfopinfo, optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected...

Moderate: Red Hat Security Advisory: frr security and bug fix update

An update for frr is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

frr: denial of service by crafting a BGP OPEN message with an option of type in bgp_open_option_parse in the bgp_open.c 0xff

A vulnerability was found in FRRouting. The issue occurs in bgpd in FRRouting FRR. By crafting a BGP OPEN message with an option of type 0xff Extended Length from RFC 9072, attackers may cause a denial of service assertion failure and daemon restart or out-of-bounds read. This flaw is possible du...

Denial Of Service

libfrr.so is vulnerable to Denial Of Service attack. This is possible because of an inconsistent boundary check. Attackers can cause an out of bound read by BGP OPEN message with an option of type 0xff...

Denial Of Service

libfrr.so is vulnerable to Denial of Service attack. When sending a malformed BGP OPEN message that ends with optional length octet, an out of bounds read can occur which throws an error. This results into an application crash leading to DoS attack...

PT-2023-8694 · Wireshark +1 · Wireshark +1

Name of the Vulnerable Software and Affected Versions: Wireshark versions prior to 4.2.0 Description: The issue is related to a buffer overflow in the dissect bgp open function of Wireshark when handling extended BGP parameter formats. This can be exploited by a remote attacker to cause a denial ...

Denial Of Service (DoS)

frr is vulnerable to Denial of Service DoS attacks. By crafting a BGP OPEN message with an option of type 0xff, an attacker is able to cause a denial of service conditions due to inconsistent boundary checks that do not account for reading 3 bytes instead of 2 in this 0xff case...

SUSE CVE-2022-40318

An issue was discovered in bgpd in FRRouting FRR through 8.4. By crafting a BGP OPEN message with an option of type 0xff Extended Length from RFC 9072, attackers may cause a denial of service assertion failure and daemon restart, or out-of-bounds read. This is possible because of inconsistent...

CVE-2022-40302

An issue was discovered in bgpd in FRRouting FRR through 8.4. By crafting a BGP OPEN message with an option of type 0xff Extended Length from RFC 9072, attackers may cause a denial of service assertion failure and daemon restart, or out-of-bounds read. This is possible because of inconsistent...

CVE-2022-40318

An issue was discovered in bgpd in FRRouting FRR through 8.4. By crafting a BGP OPEN message with an option of type 0xff Extended Length from RFC 9072, attackers may cause a denial of service assertion failure and daemon restart, or out-of-bounds read. This is possible because of inconsistent...