frrouting
About this tag
FRRouting (FRR) is an open-source routing suite used in routers, network appliances, and cloud networking stacks to implement protocols such as OSPF, BGP, and IS-IS. Discussions on WindowsForum.com focus on several high-severity vulnerabilities in FRR's OSPF implementation, including CVE-2025-61105, CVE-2025-61104, CVE-2025-61102, CVE-2025-61100, CVE-2025-61107, and CVE-2025-61103, all of which involve NULL-pointer dereferences that can be triggered by crafted OSPF packets, causing the ospfd daemon to crash and resulting in a Denial of Service (DoS). Additionally, CVE-2023-41361 is a boundary-checking bug in BGP OPEN handling that could cause a crash or buffer overflow. Patches and mitigation strategies are discussed for each vulnerability.
FRRouting’s OSPF implementation contains a remotely triggerable NULL-pointer dereference in the show_vty_link_info path of ospf_ext.c that can crash the ospfd process and produce a network-impacting Denial of Service (DoS) when a specially crafted OSPF packet is processed—an issue tracked as...
FRRouting users and network operators should treat CVE‑2023‑41361 as a serious, remediable threat: a boundary-checking bug in the BGP OPEN handling of FRR 9.0 allowed an attacker to send a crafted BGP OPEN whose received software version field exceeded expected bounds, triggering a crash or...
FRRouting's OSPF implementation contains a NULL-pointer dereference that can be triggered by a crafted OSPF packet, allowing remote attackers to crash the OSPF daemon (ospfd) and cause a Denial of Service (DoS) for routers and appliances using vulnerable FRR releases. Background: FRRouting (FRR)...
A cluster of NULL-pointer dereference flaws has been disclosed in FRRouting that allows a remote attacker to crash the OSPF daemon (ospfd) by sending crafted OSPF packets; the most prominent of these is tracked as CVE-2025-61102 and affects FRRouting (frr) releases from v4.0 through v10.4.1...
FRRouting has a newly documented vulnerability — tracked as CVE-2025-61100 — that allows specially crafted OSPF Link State Advertisements (LSAs) to trigger a NULL pointer dereference in the OSPF daemon (ospfd), causing a denial-of-service (DoS) condition for affected FRR installations. The fault...
FRRouting has been flagged for a serious Denial-of-Service hole: a NULL pointer dereference in OSPF packet handling (CVE-2025-61107) that can crash the ospfd daemon when a crafted LSA Update containing an opaque LSA is processed, and the problem was patched upstream via a targeted set of checks...
FRRouting has a serious denial-of-service bug — tracked as CVE-2025-61103 — that allows a crafted OSPF packet to crash the ospfd process via a NULL pointer dereference in ospf_ext.c, and operators should treat any running FRR instances that have OSPF debugging enabled as high-priority for...