CVE-2026-37457

FRRouting 10.0 - DoS

Description

An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) by supplying a crafted FlowSpec component.

Scores

EPSS 0.0004
EPSS Percentile 11.9%

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

Status published
Published May 01, 2026
Tracked Since May 01, 2026