7.5

CVE-2026-37459

An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream (v. 10)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AppStream (v. 9)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.37% 0.29
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://github.com/FRRouting/frr/commit/693a2e02687cdc9d16501275e05136edea9650d9
https://access.redhat.com/errata/RHSA-2026:24347
https://access.redhat.com/errata/RHSA-2026:24370
https://access.redhat.com/security/cve/CVE-2026-37459
https://bugzilla.redhat.com/show_bug.cgi?id=2466513
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-37459.json