pkg:Debian/frr
55 total CVEsCRITICAL6HIGH34MEDIUM14
✅ Check your installed version
All known vulnerabilities
- CRITICAL9.8CVE-2023-38406bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."from 0, < 7.5.1-1.1+deb11u3
- from 0
- from 0, < 8.4.4-1.1~deb12u1
- from 0, < 7.5.1-1.1+deb11u1
- from 0, < 7.5.1-1.1+deb11u1
- from 0, < 6.0.2-2+deb10u2
- from 0, < 7.5.1-1.1+deb11u3
- HIGH7.8CVE-2022-26129Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_sub…from 0, < 7.5.1-1.1+deb11u3
- HIGH7.8CVE-2022-26128A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_exami…from 0, < 7.5.1-1.1+deb11u3
- HIGH7.8CVE-2022-26127A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_exa…from 0, < 7.5.1-1.1+deb11u3
- HIGH7.8CVE-2022-26126Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_…from 0, < 7.5.1-1.1+deb11u3
- from 0, < 7.5.1-1.1+deb10u2
- from 0, < 7.5.1-1.1+deb11u3
- from 0, < 7.5.1-1.1+deb11u3
- HIGH7.5CVE-2026-37459An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a craf…from 0
- HIGH7.5CVE-2026-37457An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stab…from 0
- HIGH7.5CVE-2025-61107FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at…from 0
- HIGH7.5CVE-2025-61106FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at…from 0
- HIGH7.5CVE-2025-61104FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_…from 0
- HIGH7.5CVE-2025-61103FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function…from 0
- HIGH7.5CVE-2025-61105FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ex…from 0
- HIGH7.5CVE-2025-61102FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at…from 0
- HIGH7.5CVE-2025-61101FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr functio…from 0
- HIGH7.5CVE-2025-61100FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_…from 0
- HIGH7.5CVE-2025-61099FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_op…from 0
- from 0, < 7.5.1-1.1+deb11u4
- from 0, < 7.5.1-1.1+deb11u4
- from 0, < 7.5.1-1.1+deb11u3
- HIGH7.5CVE-2024-34088In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer.from 0
- HIGH7.5CVE-2023-38407bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.from 0, < 7.5.1-1.1+deb11u3
- from 0, < 7.5.1-1.1+deb11u3
- from 0, < 7.5.1-1.1+deb11u3
- from 0, < 7.5.1-1.1+deb11u3
- HIGH7.5CVE-2023-38802FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with…from 0, < 7.5.1-1.1+deb11u2
- from 0, < 7.5.1-1.1+deb11u2
- HIGH7.5CVE-2023-3748A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored.from 0
- from 0, < 7.5.1-1.1+deb11u2
- from 0, < 7.5.1-1.1+deb11u2
- from 0, < 7.5.1-1.1+deb11u2
- from 0, < 7.5.1-1.1+deb10u1
- MEDIUM6.5CVE-2026-37458Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cau…from 0
- MEDIUM6.5CVE-2024-31951In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext…from 0
- MEDIUM6.5CVE-2024-31950In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt…from 0
- MEDIUM6.5CVE-2024-31949In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data…from 0, < 7.5.1-1.1+deb11u3
- MEDIUM6.5CVE-2024-31948In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to cras…from 0, < 7.5.1-1.1+deb11u3
- MEDIUM6.5CVE-2024-27913ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash…from 0
- from 0, < 7.5.1-1.1+deb11u2
- from 0, < 7.5.1-1.1+deb11u2
- from 0, < 7.5.1-1.1+deb11u2
- from 0, < 7.5.1-1.1+deb11u3
- from 0, < 7.5.1-1.1+deb11u3
- MEDIUM5.5CVE-2023-31489An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function.from 0, < 8.4.4-1
- MEDIUM5.3CVE-2020-12831An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1.from 0
- from 0
- —CVE-2026-28532FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functio…from 0