CVE-2024-31948

CVSS 6.5 MEDIUM · EPSS 0.8% · CWE-1287

In short

An attacker can crash the BGP routing daemon in FRRouting by sending a specially crafted network packet with malformed data. This causes the routing service to stop working, disrupting network traffic routing.

Technical detail

The bgpd daemon in FRRouting versions through 9.1 fails to properly validate Prefix SID attributes in BGP UPDATE packets, allowing a network-adjacent attacker to trigger a denial-of-service condition through a crafted packet that causes the daemon to crash without requiring authentication.

Summary generated and translated by AI from the official description.

In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products
n/a · n/a
