{
  "threat_severity" : "Moderate",
  "public_date" : "2026-05-04T00:00:00Z",
  "bugzilla" : {
    "description" : "frr: denial of service via crafted UPDATE message",
    "id" : "2465680",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2465680"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-20",
  "details" : [ "Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.", "A flaw was found in FRRouting (FRR). An authenticated remote attacker can exploit a missing input validation vulnerability in the MP_REACH_NLRI component by supplying a specially crafted UPDATE message. This issue can lead to a Denial of Service (DoS)." ],
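  "statement" : "This vulnerability allows an authenticated remote attacker to cause a denial of service via a specially crafted BGP UPDATE message. Because exploitation requires authentication and the impact is limited to availability, with no effect on confidentiality or integrity, this issue has been rated Moderate severity.",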
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "frr",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "frr",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "frr",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "frr10",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-37458\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-37458\nhttps://github.com/FRRouting/frr/commit/8102a8aeceb9f86fdfe1f80cd77080522bab69c8" ],
  "name" : "CVE-2026-37458",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}