Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
frrouting frrouting vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-34088
In FRRouting (FRR) up to and including 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.
NA
CVE-2024-31948
In FRRouting (FRR) up to and including 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.
NA
CVE-2024-31949
In FRRouting (FRR) up to and including 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.
NA
CVE-2024-31950
In FRRouting (FRR) up to and including 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).
NA
CVE-2024-31951
In the Opaque LSA Extended Link parser in FRRouting (FRR) up to and including 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).
NA
CVE-2024-27913
ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) up to and including 9.1 allows remote malicious users to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.
NA
CVE-2023-38407
bgpd/bgp_label.c in FRRouting (FRR) prior to 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
Frrouting Frrouting
NA
CVE-2023-38406
bgpd/bgp_flowspec.c in FRRouting (FRR) prior to 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."
Frrouting Frrouting
NA
CVE-2023-47235
An issue exists in FRRouting FRR up to and including 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.
Frrouting Frrouting
NA
CVE-2023-47234
An issue exists in FRRouting FRR up to and including 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).
Frrouting Frrouting
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »