CVE-2019-5892

Source
https://cve.org/CVERecord?id=CVE-2019-5892
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5892.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-5892
Published
2019-01-10T17:29:00.333Z
Modified
2026-02-03T07:06:42.432007Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco in January 2019 because FRR does not implement RFC 7606, and therefore the packets with 255 were considered invalid VNC data and the BGP session was closed.

References

Affected packages

Git / github.com/frrouting/frr

Affected versions

FRR-3.*
FRR-3.0.1
frr-3.*
frr-3.0
frr-3.0-rc1
frr-3.0-rc2
frr-3.0-rc3
frr-3.0.2
frr-3.0.3
frr-3.1-dev
frr-4.*
frr-4.0
frr-4.0-dev
frr-5.*
frr-5.0-dev
frr-5.0.1
frr-5.1-dev
frr-6.*
frr-6.0
frr-6.0.1
frr-6.1-dev
reindent-3.*
reindent-3.0-after
reindent-3.0-before
Other
reindent-master-after
reindent-master-before

Database specific

vanir_signatures
[
    {
        "signature_type": "Function",
        "source": "https://github.com/frrouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a",
        "target": {
            "file": "bgpd/bgp_attr.c",
            "function": "bgp_packet_attribute"
        },
        "id": "CVE-2019-5892-0e0da3e3",
        "signature_version": "v1",
        "digest": {
            "function_hash": "226253075993838365206758340139451727523",
            "length": 9566.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/frrouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a",
        "target": {
            "file": "bgpd/bgp_attr.c",
            "function": "bgp_attr_parse"
        },
        "id": "CVE-2019-5892-99deb2d7",
        "signature_version": "v1",
        "digest": {
            "function_hash": "199930622389995491595351178600916485866",
            "length": 6439.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/frrouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a",
        "target": {
            "file": "bgpd/bgp_attr.c"
        },
        "id": "CVE-2019-5892-a3a40456",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/frrouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a",
        "target": {
            "file": "bgpd/bgp_attr.c",
            "function": "bgp_packet_mpattr_tea"
        },
        "id": "CVE-2019-5892-b1660f24",
        "signature_version": "v1",
        "digest": {
            "function_hash": "45595622182248374209023856172970116011",
            "length": 1628.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/frrouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a",
        "target": {
            "file": "bgpd/bgpd.h"
        },
        "id": "CVE-2019-5892-fc272e92",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "316955059871085195017447230635599982227",
                "37601998386077420357919442678801951252",
                "46347138890790676048284109969502304387",
                "48641407575183571168910414059875291694"
            ]
        },
        "deprecated": false
    }
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5892.json"