{"id":"CVE-2019-5892","details":"bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco in January 2019 because FRR does not implement RFC 7606, and therefore the packets with 255 were considered invalid VNC data and the BGP session was closed.","modified":"2026-04-11T17:54:08.971668Z","published":"2019-01-10T17:29:00.333Z","references":[{"type":"ADVISORY","url":"https://github.com/FRRouting/frr/releases/tag/frr-3.0.4"},{"type":"ADVISORY","url":"https://github.com/FRRouting/frr/releases/tag/frr-4.0.1"},{"type":"ADVISORY","url":"https://github.com/FRRouting/frr/releases/tag/frr-5.0.2"},{"type":"ADVISORY","url":"https://github.com/FRRouting/frr/releases/tag/frr-6.0.2"},{"type":"ADVISORY","url":"https://frrouting.org/community/security/cve-2019-5892.html"},{"type":"FIX","url":"https://lists.frrouting.org/pipermail/frog/2019-January/000404.html"},{"type":"FIX","url":"https://github.com/FRRouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/frrouting/frr","events":[{"introduced":"3e71b5d907e9a58049e188cd88ad86614c5ad4f6"},{"last_affected":"36a7e7812aa61c90cb552778708d13898b1d9d4c"},{"introduced":"76a86854181c27819e5cf71b12ae1fa5ccd9e02a"},{"fixed":"6a18454bd8216779b9b747d051cae58696e8ecc4"},{"introduced":"0f2f24c66f5207ebafd9ea66f53020daf9cec3bf"},{"fixed":"9e0b3541bd3bbec7453980a7873a6ef7737fbafa"},{"introduced":"c8c24278b1d1da271089a36303bb7708568ce231"},{"fixed":"1bdbe6ef03e18f99fb31e3d959d2c42eabcf1574"},{"introduced":"0"},{"last_affected":"78afca8e78c3d466dc2b3fa8d53cbcd8ee0f6489"},{"fixed":"943d595a018e69b550db08cccba1d0778a86705a"},{"fixed":"b29e32253f51f392b77a461cd509453e967c7ccd"}],"database_specific":{"versions":[{"introduced":"2.0"},{"last_affected":"2.0.2"},{"introduced":"3.0"},{"fixed":"3.0.4"},{"introduced":"5.0"},{"fixed":"5.0.2"},{"introduced":"6.0"},{"fixed":"6.0.2"},{"introduced":"0"},{"last_affected":"4.0"}]}}],"versions":["FRR-3.0.1","frr-2.0","frr-2.0.1","frr-2.0.2","frr-3.0","frr-3.0-branchpoint","frr-3.0-rc1","frr-3.0-rc2","frr-3.0-rc3","frr-3.0.2","frr-3.0.3","frr-3.1-dev","frr-4.0","frr-4.0-dev","frr-5.0-dev","frr-5.0.1","frr-5.1-dev","frr-6.0","frr-6.0.1","frr-6.1-dev","reindent-3.0-after","reindent-3.0-before","reindent-master-after","reindent-master-before"],"database_specific":{"vanir_signatures":[{"target":{"file":"bgpd/bgp_attr.c","function":"bgp_packet_attribute"},"source":"https://github.com/frrouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a","deprecated":false,"digest":{"function_hash":"226253075993838365206758340139451727523","length":9566},"signature_type":"Function","id":"CVE-2019-5892-0e0da3e3","signature_version":"v1"},{"target":{"file":"bgpd/bgp_attr.c","function":"bgp_attr_parse"},"source":"https://github.com/frrouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a","deprecated":false,"digest":{"function_hash":"199930622389995491595351178600916485866","length":6439},"signature_type":"Function","id":"CVE-2019-5892-99deb2d7","signature_version":"v1"},{"target":{"file":"bgpd/bgp_attr.c"},"source":"https://github.com/frrouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["107777104466567314008682632771991800138","235405730254444827236190011813045179433","335868927362285832753604595618422189685","47272941257009619675849957593652109504","235582359505086831052758262786582469478","66201759982703159290731231529114977532","168924971747089847053328196432855369728","224903372989617109560032431006216113010","191286128100840234737980753312199717097","279418862926639171169903744502347440483","205210173508678452565123854152522315151","65895608911594313176810430328100598911","224419439070531230341548702062829061710","99299168685093559901062003879591264572","336946682123705287670464471661067398120","260851037248658446859792461523021469835"]},"signature_type":"Line","id":"CVE-2019-5892-a3a40456","signature_version":"v1"},{"target":{"file":"bgpd/bgp_attr.c","function":"bgp_packet_mpattr_tea"},"source":"https://github.com/frrouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a","deprecated":false,"digest":{"function_hash":"45595622182248374209023856172970116011","length":1628},"signature_type":"Function","id":"CVE-2019-5892-b1660f24","signature_version":"v1"},{"target":{"file":"bgpd/bgpd.h"},"source":"https://github.com/frrouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["316955059871085195017447230635599982227","37601998386077420357919442678801951252","46347138890790676048284109969502304387","48641407575183571168910414059875291694"]},"signature_type":"Line","id":"CVE-2019-5892-fc272e92","signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-5892.json","vanir_signatures_modified":"2026-04-11T17:54:08Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}