Buffer Overflow in FRRouting Daemon Leading to Service Disruption
CVE-2024-31948

Currently unrated

Key Information:

Vendor: FRRouting
Status: FRRouting
Vendor: CVE Published:; 7 April 2024

What is CVE-2024-31948?

In FRRouting (FRR) versions up to 9.1, a malicious actor can exploit a vulnerability by sending a malformed Prefix SID attribute within a BGP UPDATE packet. This manipulation can lead the bgpd daemon to crash, resulting in service disruption. It's essential for network operators using affected versions to apply updates promptly to mitigate potential risks associated with this flaw.

References

https://github.com/FRRouting/frr/pull/15628

https://github.com/FRRouting/frr/pull/15628/commits/ba6a8...

https://lists.debian.org/debian-lts-announce/2024/04/msg0...

mailing-list

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2024
Vulnerability Reserved
Apr 7, 2024