An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function.

An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.

An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.

An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.

An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.