Infinite Loop in FRRouting due to Malformed Dynamic Capability
CVE-2024-31949

6.5MEDIUM

Key Information:

Vendor: FRRouting
Status: FRRouting
Vendor: CVE Published:; 7 April 2024

What is CVE-2024-31949?

FRRouting versions up to 9.1 are susceptible to an infinite loop condition triggered by malformed data received as a dynamic capability. Specifically, when the system processes MP/GR capabilities, if the incoming data is improperly formatted, it leads to a failure in pointer advancement. This results in an unresponsive state, potentially affecting network operations and services relying on FRRouting. It is crucial for users to review and apply the latest updates to mitigate this issue.

References

https://github.com/FRRouting/frr/pull/15640

https://github.com/FRRouting/frr/pull/15640/commits/30a33...

https://lists.debian.org/debian-lts-announce/2024/04/msg0...

mailing-list

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2024
Vulnerability Reserved
Apr 7, 2024