17 matches found
RHEL 8 : frr (RHSA-2026:24340)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24340 advisory. FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP an...
RHEL 9 : frr (RHSA-2026:24371)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24371 advisory. FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP an...
Security update for frr
This update for frr fixes the following issues: CVE-2025-61099: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. bsc1252838 CVE-2025-61100: Fixed a NULL pointer dereference, which may lead to a DoS vulnerability. bsc1252829 CVE-2025-61101: Fixed a NULL pointer dereference,...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : FRR vulnerabilities (USN-8046-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8046-1 advisory. It was discovered that FRR incorrectly handled certain malformed OSPF and update packets. A remote attacker could possibly use these...
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
...
CVE-2025-61107
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the showvtyextprefprefsid function at ospfext.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted LSA Update packet...
PT-2025-44179
Name of the Vulnerable Software and Affected Versions FRRouting/frr versions 4.0 through 10.4.1 Description A flaw exists in FRRouting/frr that involves a NULL pointer dereference within the show vty ext link lan adj sid function, located in the ospf ext.c file. This issue can be triggered by a...
Linux Distros Unpatched Vulnerability : CVE-2025-61100
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospfopaquelsadump function at ospfopaque.c. This...
AZL-55066 CVE-2024-55553 affecting package frr for versions less than 9.1.1-3
In FRRouting FRR before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than th...
AZL-40261 CVE-2024-34088 affecting package frr for versions less than 8.5.3-6
In FRRouting FRR through 9.1, it is possible for the getedge function in ospfte.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service...
Debian dla-3797 : frr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3797 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3797-1 [email protected]...
frr: Reachable assertion in peek_for_as4_capability function
A reachable assertion flaw was found in Frrouting frr-bgpd in the peekforas4capability function. This flaw allows an attacker to maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in a denial of service...
An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data leading to a crash.
...
AZL-31728 CVE-2023-46753 affecting package frr for versions less than 8.5.3-3
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute...
frr: Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router
A vulnerability was found in FRRouting FRR. This flaw allows a remote attacker to cause a denial of service issue via a crafted BGP update with a corrupted attribute 23 Tunnel Encapsulation...
UBUNTU-CVE-2023-31490
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgpattrpsidsub function...
Frrouting frr-bgpd 安全漏洞
Frrouting frr-bgpd is a Frrouting open source freeware for implementing and managing various IPv4 and IPv6 routing protocols. A security vulnerability exists in Frrouting frr-bgpd version v.8.4.2, which originated from a vulnerability that allows remote attackers to cause a denial of service via...