{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/frr/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-37459"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["FRR"],"_cs_severities":["medium"],"_cs_tags":["bgp","dos","frrouting","network"],"_cs_type":"advisory","_cs_vendors":["FRRouting"],"content_html":"\u003cp\u003eCVE-2026-37459 is an integer underflow vulnerability affecting FRRouting (FRR), a widely used IP routing protocol suite for Linux and Unix platforms. The vulnerability resides in the BGP (Border Gateway Protocol) UPDATE message processing logic within FRR versions stable/10.0 to stable/10.6. A remote attacker can exploit this flaw by sending a specially crafted BGP UPDATE message to a vulnerable FRR instance, triggering an integer underflow. This underflow condition can lead to memory corruption or other unexpected behavior, ultimately causing the FRR process to crash and resulting in a Denial of Service (DoS) condition. This vulnerability poses a risk to network availability, as it can disrupt routing operations and impact network connectivity.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable FRR instance running a version between stable/10.0 and stable/10.6.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious BGP UPDATE message designed to trigger the integer underflow. The specific details of the message structure are not available in the provided source.\u003c/li\u003e\n\u003cli\u003eAttacker sends the crafted BGP UPDATE message to the vulnerable FRR instance over TCP port 179, the standard BGP port.\u003c/li\u003e\n\u003cli\u003eThe FRR instance receives the BGP UPDATE message and begins processing it.\u003c/li\u003e\n\u003cli\u003eDuring the processing of the BGP UPDATE message, the integer underflow occurs due to a calculation error.\u003c/li\u003e\n\u003cli\u003eThe integer underflow leads to memory corruption within the FRR process.\u003c/li\u003e\n\u003cli\u003eThe memory corruption causes the FRR process to crash.\u003c/li\u003e\n\u003cli\u003eThe crash of the FRR process results in a Denial of Service (DoS), disrupting routing operations.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-37459 can lead to a Denial of Service (DoS) condition, impacting the availability of network routing services. While the exact number of affected organizations is unknown, FRR is used in a variety of network environments, including enterprise networks, service provider networks, and research networks. A successful attack could disrupt routing operations, leading to network outages, service disruptions, and potential financial losses.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade FRRouting (FRR) to a patched version beyond stable/10.6 to remediate CVE-2026-37459.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious BGP UPDATE messages that may indicate exploitation attempts using the \u0026ldquo;Detect Suspicious BGP UPDATE Messages\u0026rdquo; Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting for BGP UPDATE messages to mitigate the impact of a DoS attack.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-19T07:13:46Z","date_published":"2026-05-19T07:13:46Z","id":"https://feed.craftedsignal.io/briefs/2026-05-frr-bgp-dos/","summary":"An integer underflow vulnerability, CVE-2026-37459, in FRRouting (FRR) versions stable/10.0 to stable/10.6 allows a remote attacker to cause a Denial of Service (DoS) by sending a crafted BGP UPDATE message.","title":"CVE-2026-37459: FRRouting BGP UPDATE Message Integer Underflow DoS","url":"https://feed.craftedsignal.io/briefs/2026-05-frr-bgp-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — FRR","version":"https://jsonfeed.org/version/1.1"}