CVE-2019-5892

Name of the Vulnerable Software and Affected Versions FRRouting FRR versions 2.x through 3.x before 3.0.4 FRRouting FRR versions 4.x before 4.0.1 FRRouting FRR versions 5.x before 5.0.2 FRRouting FRR versions 6.x before 6.0.2

Description The issue allows remote attackers to cause a denial of service, specifically a peering session flap, via attribute 255 in a BGP UPDATE packet when ENABLE BGP VNC is used for Virtual Network Control. This occurred because FRR does not implement RFC 7606, resulting in packets with 255 being considered invalid VNC data and the BGP session being closed.

Recommendations For versions 2.x through 3.x before 3.0.4, update to version 3.0.4 or later. For versions 4.x before 4.0.1, update to version 4.0.1 or later. For versions 5.x before 5.0.2, update to version 5.0.2 or later. For versions 6.x before 6.0.2, update to version 6.0.2 or later.