GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)

Summary Remote Denial of Service DoS via Nil Pointer Dereference in BGP Update Processing An unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent attribute lengths, it improperly...

PT-2026-37259

Name of the Vulnerable Software and Affected Versions GoBGP versions prior to 4.5.0 Description An unauthenticated remote BGP peer can cause a fatal panic and complete loss of service availability by sending a specially crafted BGP UPDATE message. When the server receives a message with...

AZL-79565 CVE-2025-69652 affecting package binutils 2.41-10

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in processdebuginfo, an invalid debuginfop state may propagate into DWARF attribute parsing...

DEBIAN-CVE-2025-69652

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in processdebuginfo, an invalid debuginfop state may propagate into DWARF attribute parsing...

CVE-2025-69652

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in processdebuginfo, an invalid debuginfop state may propagate into DWARF attribute parsing...

CVE-2025-69652

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in processdebuginfo, an invalid debuginfop state may propagate into DWARF attribute parsing...

CVE-2025-60011

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices. When an affected device receives a...

CVE-2025-14512 Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...

CLSA-2025-1762420748 frr: Fix of 4 CVEs

CVE-2023-41358: fix crash when processing NLRIs with zero attribute length - CVE-2023-47235: fix EOR handling to avoid unwanted processing of malformed attributes - CVE-2023-46753: fix mandatory attributes check for UPDATE messages with unknown transit attributes - CVE-2023-47234: fix handling...

EUVD-2009-0594

Malware in sbrugna...

EUVD-2019-6908

Malware in sbrugna...

CVE-2005-3077

Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service crash via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI...

SUSE CVE-2024-26849

In the Linux kernel, the following vulnerability has been resolved: netlink: add nla be16/32 types to minlen array BUG: KMSAN: uninit-value in nlavalidaterangeunsigned lib/nlattr.c:222 inline BUG: KMSAN: uninit-value in nlavalidateintrange lib/nlattr.c:336 inline BUG: KMSAN: uninit-value in...

CVE-2023-45886

The BGP daemon bgpd in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute...

Cisco IOS XR BGP EVPN Denial of Service Vulnerability (CNVD-2020-07196)

Cisco IOS XR is a fully modular and fully distributed network interconnect operating system. A denial of service vulnerability exists in the implementation of the Border Gateway Protocol BGP Ethernet VPN EVPN feature in Cisco IOS XR 6.6.1 and later. The vulnerability stems from improper handling ...

CVE-2007-2028

Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service memory consumption via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUEPAIR...

CVE-2004-0960

FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service core dump via malformed USR vendor-specific attributes VSA that cause a memcpy operation with a -1 argument...

MS02-025: Exchange 2000 Exhaust CPU Resources (320436)

The remote host is running Exchange Server 2000. The remote version of this software contains a flaw that allows an attacker to cause a temporary denial of service. To do this, the attacker needs to send an email message with malformed attributes. CPU utilization will spike at 100% until the...

CVE-2001-0650

Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute...