CVE-2026-37459
Integer Underflow in FRRouting Causes Denial of Service
Publication date: 2026-05-04
Last updated on: 2026-05-04
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| frrouting | frr | From 10.0 (inc) to 10.6 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer underflow in FRRouting (FRR) versions stable/10.0 to stable/10.6. It occurs when an attacker supplies a specially crafted BGP UPDATE message, which triggers the underflow condition.
An integer underflow happens when an arithmetic operation attempts to create a numeric value that is lower than the minimum representable value, causing unexpected behavior in the software.
How can this vulnerability impact me?
The impact of this vulnerability is a Denial of Service (DoS) condition. An attacker can exploit the integer underflow by sending a crafted BGP UPDATE message, causing the affected FRRouting software to crash or become unavailable.
This means network routing services relying on FRRouting could be disrupted, potentially affecting network availability.