Security / Responsible Disclosure

Vulnerabilities discovered by the FRR team affecting older versions of FRR are patched and documented using CVEs. Below are all filed CVEs. If you encounter a security issue you’d like to report, please use the (private) FRR security handling mailing list.

Name Versions Affected Disclosure Date Severity
CVE-2017-15865 2.0.0
3.0.0
 Nov 8, 2017 Medium
CVE-2019-5892 2.x
3.0 ~ 3.0.3
4
5.0 ~ 5.0.1
6.0 ~ 6.0.1
 Jan 10, 2019 High
CVE-2022-36440 < 8.4
 Apr 3, 2023 High
CVE-2022-37032 < 8.4
 Sep 19, 2022 Critical
CVE-2022-40302 < 8.4
 May 3, 2023 Medium
CVE-2022-40318 < 8.4
 May 3, 2023 Medium
CVE-2022-42917 < 8.4
 Oct 7, 2022 Medium
CVE-2022-43681 < 8.4
 May 3, 2023 Medium
CVE-2023-38802 < 8.5.3
9.0.0
 Aug 29, 2023 High
CVE-2023-41359 8.5.0 ~ 8.5.2
9.0.0
 Aug 29, 2023 Critical
CVE-2023-41360 8.4.x
8.5.0 ~ 8.5.2
9.0.0
 Aug 29, 2023 Critical
CVE-2023-41361 9.0.0
 Aug 29, 2023 Critical
CVE-2023-47235 < 9.0.1
 Nov 3, 2023 High