OSPF Daemon Vulnerability in FRRouting Affects Multiple Versions
CVE-2024-34088

7.5HIGH

Key Information:

Vendor: FRRouting
Status: FRRouting
Vendor: CVE Published:; 30 April 2024

What is CVE-2024-34088?

A vulnerability in the OSPF daemon of FRRouting allows the get_edge() function in ospf_te.c to return a NULL pointer when certain conditions occur. This flaw can lead to the calling functions failing to properly handle the NULL value, resulting in the OSPF daemon crashing. As a result, this creates a denial of service scenario, affecting network stability and performance. It is crucial for users to upgrade to patched versions to mitigate this risk.

References

https://github.com/FRRouting/frr/pull/15674/commits/34d70...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2024

CVE-2024-34088 Data

JSON