Hello!

On Mon, Sep 22, 2025 at 10:22:46PM +0200, Maria Matejka via Bird-users wrote:

we are releasing BIRD versions 3.1.4 and 3.0.5. We have fixed several crashes in BGP. including one which was remotely exploitable (CVE-2025-59688). This was so far probably the worst bug I remember, and we very much hope that nothing similar is going to happen any time soon again.

… and now there is also a writeup about that exploitable crash.

https://en.blog.nic.cz/2025/09/24/crashing-bird-3-by-sending-a-notification-cve-2025-59688/

Maria

–
Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.