FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions.

...

UBUNTU-CVE-2025-61100

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospfopaquelsadump function at ospfopaque.c. This vulnerability allows attackers to cause a Denial of Service DoS under specific malformed LSA conditions...

CVE-2013-5565

The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service process crash via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176...

DEBIAN-CVE-2024-27913

ospfteparsete in ospfd/ospfte.c in FRRouting FRR through 9.1 allows remote attackers to cause a denial of service ospfd daemon crash via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field...

Design/Logic Flaw

The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service process crash via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176...