Security / Responsible Disclosure

Vulnerabilities discovered by the FRR team affecting older versions of FRR are patched and documented using CVEs. Below are all filed CVEs. If you encounter a security issue you’d like to report, please use the (private) FRR security handling mailing list.

Name Versions Affected Disclosure Date Severity
CVE-2017-15865 2.0.0
3.0.0
Nov 8, 2017 Medium
CVE-2019-5892 2.x
3.0 ~ 3.0.3
4
5.0 ~ 5.0.1
6.0 ~ 6.0.1
Jan 10, 2019 High
CVE-2022-36440 < 8.4
Apr 3, 2023 High
CVE-2022-37032 < 8.4
Sep 19, 2022 Critical
CVE-2022-40302 < 8.4
May 3, 2023 Medium
CVE-2022-40318 < 8.4
May 3, 2023 Medium
CVE-2022-42917 < 8.4
Oct 7, 2022 Medium
CVE-2022-43681 < 8.4
May 3, 2023 Medium
CVE-2023-38802 < 8.5.3
9.0.0
Aug 29, 2023 High
CVE-2023-41359 8.5.0 ~ 8.5.2
9.0.0
Aug 29, 2023 Critical
CVE-2023-41360 8.4.x
8.5.0 ~ 8.5.2
9.0.0
Aug 29, 2023 Critical
CVE-2023-41361 9.0.0
Aug 29, 2023 Critical
CVE-2023-46752 < 8.5.4
9.0.0 ~ 9.0.1
Nov 3, 2023 High
CVE-2023-46753 < 8.5.4
9.0.0 ~ 9.0.1
Nov 3, 2023 High
CVE-2023-47234 < 8.5.4
9.0.0 ~ 9.0.1
Nov 3, 2023 High
CVE-2023-47235 < 8.5.4
9.0.0 ~ 9.0.1
Nov 3, 2023 High