FRRouting
cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*
An off-by-one out-of-bounds write vulnerability has been identified in the bgp_flowspec_op_decode() function of FRRouting (FRR) stable/10.0. This vulnerability allows attackers to cause a denial-of-service by supplying a crafted FlowSpec component. The issue arises from improper bounds checking in the FlowSpec operator array, which can be exploited when more than five chained operators are present.
Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to become unresponsive or unavailable.
Users can update to the latest version of FRRouting where this vulnerability has been patched. Instructions for updating can be found in the FRRouting documentation.
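The bug class described above, shown as an added illustration (this is not FRRouting's code or its patch): a decoder for a chain of RFC 8955 numeric operators that checks the array index before each store. `decode_ops`, `struct op_entry`, `MAX_OPS` and the sample byte strings are hypothetical names and constructed data; the capacity of five is assumed from the description.

```c
#include <stddef.h>
#include <stdint.h>

#define OP_END    0x80u  /* RFC 8955 numeric operator: end-of-list bit */
#define OP_LEN(b) ((size_t)1 << (((b) >> 4) & 0x3u)) /* value length: 1, 2, 4 or 8 */
#define MAX_OPS   5      /* assumed capacity, from "more than five" above */

struct op_entry { uint8_t flags; uint64_t value; }; /* hypothetical layout */

/* Constructed samples: chains of 1-byte "equals" terms, last one has OP_END. */
static const uint8_t five_ops[] = {0x01,80, 0x01,81, 0x01,82, 0x01,83, 0x81,84};
static const uint8_t six_ops[]  = {0x01,80, 0x01,81, 0x01,82, 0x01,83, 0x01,84, 0x81,85};

/* Returns the number of operators decoded (1..MAX_OPS), or -1 when the
 * chain is truncated, unterminated, or longer than out[]. */
int decode_ops(const uint8_t *buf, size_t len, struct op_entry out[MAX_OPS])
{
    size_t off = 0;
    int n = 0;

    for (;;) {
        /* Test the index BEFORE the store. Writing `n > MAX_OPS` here, or
         * testing only after the store, is the off-by-one pattern: a sixth
         * term would be written one element past the array. */
        if (n >= MAX_OPS)
            return -1;
        if (off >= len)
            return -1;                 /* no end-of-list bit seen */
        uint8_t op = buf[off++];
        size_t vlen = OP_LEN(op);
        if (vlen > len - off)
            return -1;                 /* value runs past the buffer */
        uint64_t v = 0;
        for (size_t i = 0; i < vlen; i++)
            v = (v << 8) | buf[off++];
        out[n].flags = op & 0x47u;     /* AND, lt, gt, eq bits */
        out[n].value = v;
        n++;
        if (op & OP_END)
            return n;
    }
}

int main(void)
{
    struct op_entry out[MAX_OPS];
    return !(decode_ops(five_ops, sizeof five_ops, out) == 5 &&
             decode_ops(six_ops, sizeof six_ops, out) == -1);
}
```

Rejecting the over-long chain with an error, rather than truncating it silently, lets the caller treat the whole component as malformed.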