Infinite Loop in FRRouting due to Malformed Dynamic Capability
CVE-2024-31949

6.5MEDIUM

Key Information:

Vendor

FRRouting

Status
FRRouting
Vendor
CVE Published:
7 April 2024

What is CVE-2024-31949?

FRRouting versions up to 9.1 are susceptible to an infinite loop condition triggered by malformed data received as a dynamic capability. Specifically, when the system processes MP/GR capabilities, if the incoming data is improperly formatted, it leads to a failure in pointer advancement. This results in an unresponsive state, potentially affecting network operations and services relying on FRRouting. It is crucial for users to review and apply the latest updates to mitigate this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/FRRouting/frr/pull/15640
https://github.com/FRRouting/frr/pull/15640/commits/30a33...
https://lists.debian.org/debian-lts-announce/2024/04/msg0...
mailing-list

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.