CVE-2026-37460 in FRR
Summary
by MITRE • 06/03/2026
Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
Analysis
by VulDB Data Team • 06/05/2026
The vulnerability in FRRouting's rfapiRibBi2Ri() function is a denial-of-service weakness affecting the stable/10.0 through stable/10.6 branches. The function lives in rfapi_rib.c, part of the RFAPI code that implements FRR's VNC (Virtual Network Control) feature inside bgpd, and, judging by its name, converts a BGP path info entry into an RFAPI routing information base entry. The flaw is missing input validation: data derived from a BGP UPDATE message is consumed without the checks that would reject malformed or unexpected content, so a crafted message can drive the function into a failure state.
Technically, the weakness triggers when rfapiRibBi2Ri() is handed data from a BGP UPDATE whose routing information fields are malformed or outside what the code expects. Because the function does not validate that input first, it proceeds to use it, and bgpd crashes or stops responding. The summary states only that the outcome is a denial of service; it does not say whether the failure is an assertion, a bad pointer dereference or a memory-safety error, and nothing on this page establishes anything beyond a crash. The pattern is the familiar one of CWE-20: external input reaches processing logic before any check that it conforms to the expected shape.
Operationally, the risk is to routing availability. A crafted UPDATE that reaches an affected bgpd can take the daemon down, and beyond the outage itself the resulting session loss and reconvergence can ripple across the network. Exploitation needs no credentials beyond the BGP session itself: whoever can get an UPDATE accepted by an affected router, that is, a configured neighbor or a party whose announcement propagates to it, can trigger the flaw. The page does not say whether the rfapi code path is reached only when VNC is configured, so a deployment that does not use VNC should not be assumed unaffected without checking the fix.
The weakness is classified as CWE-20 (Improper Input Validation) and is a textbook case of insufficient validation leading to instability rather than to control of the process. In ATT&CK terms it maps to T1499.004 (Endpoint Denial of Service: Application or System Exploitation), where an adversary crashes a service with crafted input. The network-level technique, T1498 (Network Denial of Service), is a weaker fit, since a single accepted message suffices here and no flooding is involved; T1595.001, sometimes cited for this class, is Active Scanning: Scanning IP Blocks and does not describe a denial of service.
Mitigation starts with upgrading affected FRR versions to a release that carries the fix. Until then, reduce who can deliver an UPDATE to the router: peer only with known neighbors, protect sessions with TCP MD5 (or TCP-AO where supported), apply GTSM (ttl-security) on eBGP sessions, and filter inbound announcements. Monitor for bgpd crashes and restarts (for example, watchfrr restart events) and for BGP session flaps, since a successful attack shows up as the daemon dying rather than as an obvious malformed-message log line. The fix, as with any CWE-20 defect, must validate in rfapiRibBi2Ri() that the routing information derived from an UPDATE has the expected format and bounds before it is used; the page does not show the patch, so the exact check that was missing is not known from this entry.
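The two points above, that rfapiRibBi2Ri() uses UPDATE-derived data without checking it and that the fix is to check every length and bound before use, are easiest to see in a parser that does the checking. The block below is an added illustration, not FRR's code and not the actual patch (the page does not show which check was missing): a self-contained BGP UPDATE validator in C that trusts none of the length fields in the message, plus a constructed well-formed UPDATE (2-byte ASNs, no optional capabilities assumed) and single-byte corruptions of it that each trip a different check.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BGP_HEADER_LEN       19
#define BGP_MAX_MSG_LEN      4096
#define BGP_MSG_TYPE_UPDATE  2
#define BGP_ATTR_FLAG_EXTLEN 0x10   /* attribute length field is 2 bytes, not 1 */

enum bgp_update_err {
    BGP_OK            =  0,
    BGP_ERR_HEADER    = -1,  /* marker, length field or type is wrong */
    BGP_ERR_WITHDRAWN = -2,  /* withdrawn-routes block overruns the message */
    BGP_ERR_ATTR_LEN  = -3,  /* total path attribute length overruns the message */
    BGP_ERR_ATTR      = -4,  /* one attribute overruns the attribute block */
    BGP_ERR_NLRI      = -5,  /* an NLRI prefix is malformed */
};

struct bgp_update_summary { size_t withdrawn_len, attr_count, nlri_count; };

/* Walk an IPv4 prefix list (1 byte of prefix length in bits, then ceil(bits/8)
 * bytes). Returns the prefix count, or -1 if any entry runs past the end. */
static int walk_prefixes(const uint8_t *p, size_t len)
{
    int count = 0;
    while (len > 0) {
        size_t bits = p[0], bytes = (bits + 7) / 8;
        if (bits > 32 || 1 + bytes > len)
            return -1;
        p += 1 + bytes; len -= 1 + bytes; count++;
    }
    return count;
}

/* Validate a complete BGP UPDATE (header included). Every length field is
 * checked against what actually remains before any byte behind it is read. */
int bgp_update_validate(const uint8_t *msg, size_t len, struct bgp_update_summary *out)
{
    if (len < BGP_HEADER_LEN || len > BGP_MAX_MSG_LEN)
        return BGP_ERR_HEADER;
    for (int i = 0; i < 16; i++)
        if (msg[i] != 0xff)
            return BGP_ERR_HEADER;
    if ((((size_t)msg[16] << 8) | msg[17]) != len || msg[18] != BGP_MSG_TYPE_UPDATE)
        return BGP_ERR_HEADER;

    const uint8_t *p = msg + BGP_HEADER_LEN;
    size_t rem = len - BGP_HEADER_LEN;

    if (rem < 2)
        return BGP_ERR_WITHDRAWN;
    size_t wlen = ((size_t)p[0] << 8) | p[1];
    p += 2; rem -= 2;
    if (wlen > rem || walk_prefixes(p, wlen) < 0)
        return BGP_ERR_WITHDRAWN;
    p += wlen; rem -= wlen;

    if (rem < 2)
        return BGP_ERR_ATTR_LEN;
    size_t alen = ((size_t)p[0] << 8) | p[1];
    p += 2; rem -= 2;
    if (alen > rem)
        return BGP_ERR_ATTR_LEN;

    size_t attrs = 0;
    for (const uint8_t *a = p, *end = p + alen; a < end; attrs++) {
        size_t hdr = (a[0] & BGP_ATTR_FLAG_EXTLEN) ? 4 : 3;
        if ((size_t)(end - a) < hdr)
            return BGP_ERR_ATTR;
        size_t vlen = (hdr == 4) ? (((size_t)a[2] << 8) | a[3]) : a[2];
        if (vlen > (size_t)(end - a) - hdr)   /* the bound a crash-on-input bug omits */
            return BGP_ERR_ATTR;
        a += hdr + vlen;
    }
    p += alen; rem -= alen;

    int nlri = walk_prefixes(p, rem);
    if (nlri < 0)
        return BGP_ERR_NLRI;
    if (out) {
        out->withdrawn_len = wlen;
        out->attr_count = attrs;
        out->nlri_count = (size_t)nlri;
    }
    return BGP_OK;
}

/* Constructed sample (not a captured packet): a well-formed UPDATE announcing
 * 203.0.113.0/24 via 192.0.2.1 with AS_PATH 65001 65002, 2-byte ASNs assumed. */
static const uint8_t good_update[] = {
    0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
    0x00,0x2f, 0x02,                               /* length 47, type UPDATE */
    0x00,0x00,                                     /* withdrawn routes length 0 */
    0x00,0x14,                                     /* total path attribute length 20 */
    0x40,0x01,0x01,0x00,                           /* ORIGIN = IGP */
    0x40,0x02,0x06,0x02,0x02,0xfd,0xe9,0xfd,0xea,  /* AS_PATH: AS_SEQUENCE 65001 65002 */
    0x40,0x03,0x04,0xc0,0x00,0x02,0x01,            /* NEXT_HOP 192.0.2.1 */
    0x18,0xcb,0x00,0x71,                           /* NLRI 203.0.113.0/24 */
};

/* Corrupt one byte of the good message at offset off and validate the result. */
int validate_with_patch(size_t off, uint8_t val)
{
    uint8_t buf[sizeof good_update];
    memcpy(buf, good_update, sizeof buf);
    buf[off] = val;
    return bgp_update_validate(buf, sizeof buf, NULL);
}
```

Offsets worth trying: byte 38 is the NEXT_HOP length (setting it to 40 makes the attribute claim more bytes than the attribute block holds, the classic pre-CWE-20 overread), byte 22 is the total path attribute length, byte 20 the withdrawn-routes length, byte 43 the first NLRI prefix length, and byte 18 the message type. Each corruption returns a distinct error code instead of letting the parser walk off the buffer, which is the property any fix in this code area has to establish.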