Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Frrouting
(Frrouting)| Repositories | https://github.com/FRRouting/frr |
| #Vulnerabilities | 28 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-03-03 | CVE-2022-26125 | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. | Frrouting | 7.8 | ||
| 2022-03-03 | CVE-2022-26126 | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. | Fedora, Frrouting | 7.8 | ||
| 2022-03-03 | CVE-2022-26127 | A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c. | Frrouting | 7.8 | ||
| 2022-03-03 | CVE-2022-26128 | A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c. | Frrouting | 7.8 | ||
| 2022-03-03 | CVE-2022-26129 | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c. | Frrouting | 7.8 | ||
| 2022-08-02 | CVE-2022-37035 | An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation. | Frrouting | 8.1 | ||
| 2023-10-26 | CVE-2023-46752 | An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash. | Frrouting | 5.9 | ||
| 2023-10-26 | CVE-2023-46753 | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute. | Frrouting | 5.9 | ||
| 2023-11-03 | CVE-2023-47234 | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes). | Frrouting | 7.5 | ||
| 2023-11-03 | CVE-2023-47235 | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome. | Frrouting | 7.5 |