{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/frrouting/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-37459"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["FRR"],"_cs_severities":["medium"],"_cs_tags":["bgp","dos","frrouting","network"],"_cs_type":"advisory","_cs_vendors":["FRRouting"],"content_html":"\u003cp\u003eCVE-2026-37459 is an integer underflow vulnerability affecting FRRouting (FRR), a widely used IP routing protocol suite for Linux and Unix platforms. The vulnerability resides in the BGP (Border Gateway Protocol) UPDATE message processing logic within FRR versions stable/10.0 to stable/10.6. A remote attacker can exploit this flaw by sending a specially crafted BGP UPDATE message to a vulnerable FRR instance, triggering an integer underflow. This underflow condition can lead to memory corruption or other unexpected behavior, ultimately causing the FRR process to crash and resulting in a Denial of Service (DoS) condition. This vulnerability poses a risk to network availability, as it can disrupt routing operations and impact network connectivity.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable FRR instance running a version between stable/10.0 and stable/10.6.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious BGP UPDATE message designed to trigger the integer underflow. The specific details of the message structure are not available in the provided source.\u003c/li\u003e\n\u003cli\u003eAttacker sends the crafted BGP UPDATE message to the vulnerable FRR instance over TCP port 179, the standard BGP port.\u003c/li\u003e\n\u003cli\u003eThe FRR instance receives the BGP UPDATE message and begins processing it.\u003c/li\u003e\n\u003cli\u003eDuring the processing of the BGP UPDATE message, the integer underflow occurs due to a calculation error.\u003c/li\u003e\n\u003cli\u003eThe integer underflow leads to memory corruption within the FRR process.\u003c/li\u003e\n\u003cli\u003eThe memory corruption causes the FRR process to crash.\u003c/li\u003e\n\u003cli\u003eThe crash of the FRR process results in a Denial of Service (DoS), disrupting routing operations.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-37459 can lead to a Denial of Service (DoS) condition, impacting the availability of network routing services. While the exact number of affected organizations is unknown, FRR is used in a variety of network environments, including enterprise networks, service provider networks, and research networks. A successful attack could disrupt routing operations, leading to network outages, service disruptions, and potential financial losses.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade FRRouting (FRR) to a patched version beyond stable/10.6 to remediate CVE-2026-37459.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious BGP UPDATE messages that may indicate exploitation attempts using the \u0026ldquo;Detect Suspicious BGP UPDATE Messages\u0026rdquo; Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting for BGP UPDATE messages to mitigate the impact of a DoS attack.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-19T07:13:46Z","date_published":"2026-05-19T07:13:46Z","id":"https://feed.craftedsignal.io/briefs/2026-05-frr-bgp-dos/","summary":"An integer underflow vulnerability, CVE-2026-37459, in FRRouting (FRR) versions stable/10.0 to stable/10.6 allows a remote attacker to cause a Denial of Service (DoS) by sending a crafted BGP UPDATE message.","title":"CVE-2026-37459: FRRouting BGP UPDATE Message Integer Underflow DoS","url":"https://feed.craftedsignal.io/briefs/2026-05-frr-bgp-dos/"},{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":6.5,"id":"CVE-2026-37458"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["FRR stable/10.0","FRR stable/10.1","FRR stable/10.2","FRR stable/10.3","FRR stable/10.4","FRR stable/10.5","FRR stable/10.6"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","network","frrouting","cve-2026-37458"],"_cs_type":"threat","_cs_vendors":["FRRouting"],"content_html":"\u003cp\u003eFRRouting (FRR) is susceptible to a denial-of-service (DoS) vulnerability, tracked as CVE-2026-37458, affecting versions stable/10.0 through stable/10.6. The vulnerability lies within the MP_REACH_NLRI component and stems from a lack of input validation when processing UPDATE messages. An authenticated attacker can exploit this flaw by sending a specially crafted UPDATE message, leading to resource exhaustion or service interruption on the affected FRR instance. Successful exploitation can disrupt network routing and availability. Defenders should apply the appropriate patches or mitigations to prevent potential exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated attacker gains network access to an FRR instance running a vulnerable version (stable/10.0 to stable/10.6).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious BGP UPDATE message specifically targeting the MP_REACH_NLRI component.\u003c/li\u003e\n\u003cli\u003eThis crafted UPDATE message contains invalid or oversized data within the NLRI (Network Layer Reachability Information) fields.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted UPDATE message to the targeted FRR instance.\u003c/li\u003e\n\u003cli\u003eThe FRR instance receives the crafted UPDATE message and attempts to process the malformed NLRI data.\u003c/li\u003e\n\u003cli\u003eDue to the missing input validation, the FRR instance consumes excessive resources (CPU, memory) while processing the invalid NLRI.\u003c/li\u003e\n\u003cli\u003eThe resource exhaustion leads to a denial of service, impacting the routing functionality of the FRR instance.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-37458 results in a denial-of-service condition, preventing the FRRouting instance from properly functioning. This can disrupt network routing, leading to connectivity issues and potential network outages. The impact is primarily a loss of availability for network services relying on the affected FRR instance. The number of potential victims depends on the deployment size of FRRouting within an organization\u0026rsquo;s network infrastructure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade FRRouting instances to a patched version beyond stable/10.6 to remediate CVE-2026-37458.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2026-37458 Exploitation Attempt - Malformed BGP UPDATE Message\u0026rdquo; to identify suspicious BGP UPDATE messages indicative of exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting for BGP UPDATE messages to mitigate the impact of potential DoS attacks.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unusual patterns related to BGP UPDATE messages.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-19T07:13:08Z","date_published":"2026-05-19T07:13:08Z","id":"https://feed.craftedsignal.io/briefs/2026-05-frrouting-dos/","summary":"A denial-of-service vulnerability, identified as CVE-2026-37458, exists in the MP_REACH_NLRI component of FRRouting versions stable/10.0 to stable/10.6, where authenticated attackers can trigger a DoS by sending a crafted UPDATE message due to missing input validation.","title":"FRRouting CVE-2026-37458 Denial of Service Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-frrouting-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Frrouting","version":"https://jsonfeed.org/version/1.1"}