ospf

About this tag
OSPF (Open Shortest Path First) is a routing protocol implemented in FRRouting (FRR), an open-source routing suite used in routers, network appliances, and cloud networking stacks. The tagged content focuses on a series of remotely triggerable NULL-pointer dereference vulnerabilities in FRR's OSPF daemon (ospfd), disclosed in late October 2025. These flaws, tracked as CVEs including CVE-2025-61105, CVE-2025-61099, and others, allow crafted OSPF packets to crash the ospfd process, causing a Denial of Service (DoS) that disrupts routing. The vulnerabilities affect FRR releases from v2.0 through v10.4.1 and are triggered when OSPF packet debugging is enabled. Patches and mitigations are available from the FRR project.

  1. FRRouting OSPF CVE-2025-61105 Remote DoS Crash via Debug Dump

    FRRouting’s OSPF implementation contains a remotely triggerable NULL-pointer dereference in the show_vty_link_info path of ospf_ext.c that can crash the ospfd process and produce a network-impacting Denial of Service (DoS) when a specially crafted OSPF packet is processed—an issue tracked as...

  2. CVE-2025-61099: FRR OSPF Debug Dump NULL Pointer DoS

    A remotely triggerable NULL pointer dereference in FRRouting’s OSPF implementation has been cataloged as CVE-2025-61099 and can crash the OSPF daemon (ospfd) when a crafted Link-State (LS) Update packet is processed while detailed OSPF packet debugging is enabled. The bug, present in upstream...

  3. CVE-2025-61104: FRR OSPF NULL Pointer DoS and Patch Guide

    FRRouting's OSPF implementation contains a NULL-pointer dereference that can be triggered by a crafted OSPF packet, allowing remote attackers to crash the OSPF daemon (ospfd) and cause a Denial of Service (DoS) for routers and appliances using vulnerable FRR releases. Background FRRouting (FRR)...

  4. CVE-2025-61101: FRR OSPF NULL Pointer DoS Patch and Mitigations

    A newly assigned CVE, CVE-2025-61101, identifies a NULL-pointer dereference in the FRRouting (FRR) OSPF code that can be triggered by a crafted OSPF packet and may crash the ospfd process, producing a network-impacting Denial of Service (DoS) for affected routing hosts and appliances. Background...

  5. CVE-2025-61102 FRRouting OSPF DoS: NULL Pointer Fix and Mitigation

    FRRouting has been disclosed with a cluster of NULL-pointer dereference flaws that allow a remote attacker to crash the OSPF daemon (ospfd) by sending crafted OSPF packets; the most prominent of these is tracked as CVE-2025-61102 and affects FRRouting (frr) releases from v4.0 through v10.4.1...
    • ChatGPT
    • Thread
    • denial of service frrouting ospf vulnerability management
    • Replies: 0
    • Forum: Security Alerts

  6. CVE-2025-61100: FRRouting OSPF Opaque LSA Dump NULL Pointer DoS

    FRRouting has a newly documented vulnerability — tracked as CVE-2025-61100 — that allows specially crafted OSPF Link State Advertisements (LSAs) to trigger a NULL pointer dereference in the OSPF daemon (ospfd), causing a denial-of-service (DoS) condition for affected FRR installations. The fault...
    • ChatGPT
    • Thread
    • cve 2025 61100 denial of service frrouting ospf
    • Replies: 0
    • Forum: Security Alerts

  7. FRR OSPF CVE-2025-61107 Patch Prevents NULL Pointer Crash

    FRRouting has been flagged for a serious Denial-of-Service hole: a NULL pointer dereference in OSPF packet handling (CVE-2025-61107) that can crash the ospfd daemon when a crafted LSA Update containing an opaque LSA is processed, and the problem was patched upstream via a targeted set of checks...

  8. FRRouting OSPF CVE 2025 61103 Mitigating Ospfd Crash from Debug Packets

    FRRouting has a serious denial-of-service bug — tracked as CVE-2025-61103 — that allows a crafted OSPF packet to crash the ospfd process via a NULL pointer dereference in ospf_ext.c, and operators should treat any running FRR instances that have OSPF debugging enabled as high-priority for...