Frrouting

Frrouting

50 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-61099

Exploit
  • EPSS 0.18%
  • Veröffentlicht 27.10.2025 00:00:00
  • Zuletzt bearbeitet 03.11.2025 18:05:28

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.

7.5

CVE-2025-61100

Exploit
  • EPSS 0.24%
  • Veröffentlicht 27.10.2025 00:00:00
  • Zuletzt bearbeitet 03.11.2025 18:02:25

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA c...

7.5

CVE-2025-61105

Exploit
  • EPSS 0.18%
  • Veröffentlicht 27.10.2025 00:00:00
  • Zuletzt bearbeitet 03.11.2025 17:48:29

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

7.5

CVE-2025-61102

Exploit
  • EPSS 0.24%
  • Veröffentlicht 27.10.2025 00:00:00
  • Zuletzt bearbeitet 03.11.2025 17:49:32

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

7.5

CVE-2024-55553

  • EPSS 0.19%
  • Veröffentlicht 06.01.2025 23:15:07
  • Zuletzt bearbeitet 15.04.2026 00:35:42

In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB ...

7.5

CVE-2024-44070

  • EPSS 0.12%
  • Veröffentlicht 19.08.2024 02:15:04
  • Zuletzt bearbeitet 04.11.2025 17:16:05

An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.

7.5

CVE-2024-34088

  • EPSS 0.06%
  • Veröffentlicht 30.04.2024 19:15:23
  • Zuletzt bearbeitet 01.05.2025 14:48:49

In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of...

6.5

CVE-2024-31951

  • EPSS 0.09%
  • Veröffentlicht 07.04.2024 21:15:07
  • Zuletzt bearbeitet 01.05.2025 14:48:36

In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not val...

6.5

CVE-2024-31950

  • EPSS 0.32%
  • Veröffentlicht 07.04.2024 21:15:07
  • Zuletzt bearbeitet 01.05.2025 14:48:17

In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).

6.5

CVE-2024-31949

  • EPSS 0.04%
  • Veröffentlicht 07.04.2024 21:15:07
  • Zuletzt bearbeitet 04.11.2025 17:15:51

In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.