frrouting bgpd
About this tag
The frrouting bgpd tag covers discussions about FRRouting's BGP daemon, particularly security vulnerabilities affecting the routing control plane. A key topic is CVE-2026-37457, a high-severity denial-of-service flaw in FRRouting's BGP FlowSpec handling that involves an off-by-one out-of-bounds write in bgp_flowspec_op_decode(). While not a Windows vulnerability, it matters to Windows network administrators because Windows networks often rely on Linux-based routing stacks, virtual appliances, and cloud images that incorporate open-source routing code. The tag highlights how software memory bugs in routing daemons can lead to infrastructure outages, emphasizing the importance of patching and monitoring for such CVEs in mixed environments.
CVE-2026-37457 is a high-severity denial-of-service flaw disclosed in May 2026 in FRRouting’s BGP FlowSpec handling, where a crafted FlowSpec component can trigger an off-by-one out-of-bounds write in bgp_flowspec_op_decode() within bgpd/bgp_flowspec_util.c. The bug is not a Windows...