19 matches found
Important: Red Hat Security Advisory: frr10 security update
An update for frr10 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
CVE-2026-37460
Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
CVE-2026-37461
An out-of-bounds read in the ParseIP6Extended function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
CVE-2008-2169
Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service dropped session via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372...
Code injection
The BGP daemon bgpd in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute...
CVE-2023-45886
The CVE-2023-45886 issue affects the BGP daemon (bgpd) in IP Infusion ZebOS up to version 7.10.6. It allows remote attackers to cause a DoS by sending crafted BGP UPDATE messages with a malformed attribute. Public sources (Red Hat advisory, CERT VU, and F5/K000137315) corroborate the vulnerabilit...
CVE-2023-45886
The BGP daemon bgpd in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute...
Fedora 37 : frr (2023-ce436d56f8)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ce436d56f8 advisory. New version 8.5.3. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
Denial Of Service (DoS)
libfrr.so is vulnerable to Denial Of service attack. The vulnerability arises due to a lack of validation the bgpattrcheck method. Am attacker can cause a crash by sending a crafted BGP UPDATE message...
CVE-2023-47234
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MPUNREACHNLRI attribute and additional NLRI data that lacks mandatory path attributes...
CVE-2023-4481 Junos OS and Junos OS Evolved: A crafted BGP UPDATE message allows a remote attacker to de-peer (reset) BGP sessions (CVE-2023-4481)
An Improper Input Validation vulnerability in the Routing Protocol Daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service DoS. When certain specific crafted BGP UPDATE messages are received over an established BG...
CVE-2023-38802
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 Tunnel Encapsulation...
Race condition
A vulnerability with the Border Gateway Protocol BGP for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an unauthenticated, remote attacker to cause a routing process to crash, which could lead to a denial of service DoS condition. This...
CVE-2021-1230 Cisco Nexus 9000 Series Fabric Switches ACI Mode BGP Route Installation Denial of Service Vulnerability
A vulnerability with the Border Gateway Protocol BGP for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an unauthenticated, remote attacker to cause a routing process to crash, which could lead to a denial of service DoS condition. This...
CVE-2013-6051
The bgpattrunknown function in bgpattr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service bgpd crash via a crafted BGP update...
Heap overflow
Heap-based buffer overflow in the ecommunityecom2str function in bgpecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4...
CVE-2011-3327
Heap-based buffer overflow in the ecommunityecom2str function in bgpecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4...
Design/Logic Flaw
Unspecified vulnerability in Century routers allows remote attackers to cause a denial of service dropped session via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372...
Design/Logic Flaw
Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service dropped session via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372...