Exploit Database
144,703 exploits tracked across all sources.
FRRouting 4.0-10.4.1 - Denial of Service via OSPF Packet Processing
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVSS 7.5
FRRouting 4.0-10.4.1 - Denial of Service via OSPF Packet Handling in show_vty_unknown_tlv
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVSS 7.5
FRRouting 4.0-10.4.1 - Denial of Service via OSPF Packet in show_vty_ext_link_lan_adj_sid
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVSS 7.5
FRRouting 4.0-10.4.1 - Denial of Service via OSPF Packet in show_vty_ext_link_adj_sid
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVSS 7.5
FRRouting 4.0-10.4.1 - Denial of Service via OSPF Packet Handling in show_vty_ext_link_rmt_itf_addr
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
CVSS 7.5
FRRouting 2.0-10.4.1 - Denial of Service via OSPF Opaque LSA Dump Function
FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions.
CVSS 7.5
FRRouting 2.0-10.4.1 - Denial of Service via OSPF Opaque LSA Update Packet
FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.
CVSS 7.5
FRRouting 6.0-10.2.1 - Denial of Service via RTR Update Buffer Overflow
In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than this number of updates during an update interval (usually 30 minutes). Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this to trigger route validation continuously. Given that routers with large full tables may need more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally. Additionally, the re-validation will cause heightened BMP traffic to ingestors. Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3.
CVSS 7.5
FRRouting < 10.1 - Denial of Service via BGP Attribute TLV Length Mismatch
An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.
CVSS 7.5
FRRouting < 9.1 - Denial of Service via NULL Pointer Dereference in OSPF get_edge Function
In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.
CVSS 7.5
FRRouting < 9.1 - Denial of Service via OSPF LSA Segment Routing Adjacency SID SubTLV Parsing
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).
CVSS 6.5
FRRouting < 9.1 - Buffer Overflow in OSPF LSA Segment Routing subTLV Parsing
In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).
CVSS 6.5