NIXPKGS-2026-1350

GitHub issue published on

Permalink CVE-2026-28532

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): ADJACENT_NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 4 hours ago by @LeSuisse Activity log

Created suggestion 14 hours ago
@LeSuisse ignored
2 references
- https://www.vulncheck.com/advisories/fr…
- https://github.com/FRRouting/frr/releas…
4 hours ago
@LeSuisse ignored package prometheus-frr-exporter 4 hours ago
@LeSuisse accepted 4 hours ago
@LeSuisse published on GitHub 4 hours ago

FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions

FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t values returned by the TLV_SIZE() macro, causing the loop termination condition to fail while pointer advancement continues unchecked. Attackers with an established OSPF adjacency can send a crafted LS Update packet with a malicious Type 10 or Type 11 Opaque LSA to trigger out-of-bounds memory reads and crash all affected routers in the OSPF area or autonomous system.