39 matches found

SUSE CVE
added 2026/06/04 2:24 a.m., 6 views

SUSE CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function (rfapirib.c) of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message...

AI score: 5.8, EPSS: 0.00049
Exploits: 0, References: 3

Snyk
added 2026/06/03 6:26 p.m., 5 views

Integer Underflow (Wrap or Wraparound)

Overview: Affected versions of this package are vulnerable to Integer Underflow (Wrap or Wraparound) in the DecodeFromBytes function. An attacker can trigger a nil pointer dereference and panic by supplying a malicious BGP UPDATE message with a declared section length shorter than the actual data...

CVSS: 8.7, AI score: 5.5, EPSS: 0.00052
Exploits: 0, References: 2

ATTACKERKB
added 2026/06/03 12:0 a.m., 5 views

CVE-2026-37462

An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message...

CVSS: 7.3, AI score: 5.8, EPSS: 0.00052
Exploits: 0, References: 3

Cvelist
added 2026/06/03 12:0 a.m., 37 views

CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function (rfapirib.c) of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message...

EPSS: 0.00049
Exploits: 0, References: 3

SUSE CVE
added 2026/05/07 2:20 a.m., 6 views

SUSE CVE-2026-37461

An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00054
Exploits: 0, References: 3

NVD
added 2026/05/04 5:16 p.m., 4 views

CVE-2026-37461

An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message...

CVSS: 7.5, EPSS: 0.00054
Exploits: 0, References: 3

CVE
added 2026/05/04 12:0 a.m., 16 views

CVE-2026-37461

CVE-2026-37461 describes an out-of-bounds read in gobgp v4.3.0, in the ParseIP6Extended function (/bgp/bgp.go). The vulnerability can be exploited by a crafted BGP UPDATE message, leading to a Denial of Service. The provided documents identify the affected component and the root cause, but do not...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00054
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2026/05/04 12:0 a.m., 30 views

CVE-2026-37461

An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message...

EPSS: 0.00054
Exploits: 0, References: 3

EUVD
added 2026/05/04 12:0 a.m., 1 views

EUVD-2026-27047

An integer underflow in FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00057
Exploits: 0, References: 1

Github Security Blog
added 2026/04/29 8:44 p.m., 6 views

GoBGP has Remote Denial of Service (Panic) in UpdatePathAttrs4ByteAs via Malformed BGP UPDATE

Summary: A remote Denial of Service (DoS) vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during the processing of 4-byte AS attributes when the message structure causes an internal slice index shift that is not...

CVSS: 7.5, AI score: 5.6, EPSS: 0.00051
Exploits: 0, References: 4, Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-42510

Malicious code in bioql PyPI...

CVSS: 6.9, AI score: 6.6, EPSS: 0.00275
Exploits: 0, References: 1

Vulnrichment
added 2025/07/11 3:8 p.m., 3 views

CVE-2025-52980 Junos OS: SRX300 Series: rpd will crash upon receiving a specific, valid BGP UPDATE message

A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a BGP update is received over an established BGP session which contains a...

CVSS: 8.7, AI score: 6.5, EPSS: 0.00403
Exploits: 0, References: 1

CVE
added 2025/07/11 3:8 p.m., 21 views

CVE-2025-52980

CVE-2025-52980 is a Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series. An unauthenticated, network-based attacker can crash rpd by sending a BGP UPDATE on an established BGP session containing a specific valid optional ...

CVSS: 8.7, AI score: 6.7, EPSS: 0.00403
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2025/05/21 9:57 p.m., 10 views

CVE-2009-2055

Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009...

CVSS: 4.3, AI score: 6.7, EPSS: 0.00771
Exploits: 1, References: 1

RedhatCVE
added 2025/05/21 9:2 p.m., 6 views

CVE-2009-2056

Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path...

CVSS: 3.3, AI score: 6.5, EPSS: 0.00474
Exploits: 1, References: 1

RedhatCVE
added 2025/05/21 8:0 p.m., 8 views

CVE-2009-1154

Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute...

CVSS: 3.3, AI score: 6.9, EPSS: 0.00474
Exploits: 0, References: 1

RedhatCVE
added 2025/04/11 8:37 p.m., 15 views

CVE-2025-30657

An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for flow-monitoring receives a specific BGP update message, i...

CVSS: 6.9, AI score: 7, EPSS: 0.00353
Exploits: 0, References: 3

Cvelist
added 2024/10/11 3:38 p.m., 15 views

CVE-2024-47507 Junos OS and Junos OS Evolved: BGP update message containing aggregator attribute with an ASN value of zero (0) is accepted

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream devices. When a peer sends a BGP update messa...

CVSS: 6.9, EPSS: 0.00275
Exploits: 0, References: 1

Cvelist
added 2024/07/10 10:36 p.m., 18 views

CVE-2024-39555 Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP update causes the session to reset

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued recei...

CVSS: 8.7, EPSS: 0.01988
Exploits: 0, References: 1

Tenable Nessus
added 2024/07/03 12:0 a.m., 19 views

CBL Mariner 2.0 Security Update: frr (CVE-2023-47234)

The version of frr installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-47234 advisory. - An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE...

CVSS: 7.5, AI score: 7.7, EPSS: 0.00191
Exploits: 0, References: 2