CVE-2017-3224: Improper Validation of Integrity Check Value in FRR

Severity: 8.2 HIGH (NVD)
EPSS: 0.0% (top 93.08%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 24
Latest update: May 13

Description

Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since th
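The recency comparison the description cites from RFC 2328 section 13.1, written out as an added example; this is not code from FRR, quagga, or any of the advisories linked on this page. Assumptions: `LsaHeader` is a constructed subset of the LSA header holding only the fields the comparison reads, the constants are the architectural constants from RFC 2328 appendix B, and `walk_through` is a hypothetical helper that builds, from constructed values, exactly the situation the description states (two instances of one LSA at MaxSequenceNumber with differing checksums). Beyond the three steps the description names, the comparator also carries the section's remaining age step (MaxAgeDiff) so that the function is the complete ordering.

```python
"""Recency ordering for two instances of the same OSPF LSA (RFC 2328 13.1).

Added example, not code from FRR, quagga, or the advisory. LsaHeader is a
constructed subset of the real LSA header; constants are RFC 2328 appendix B
architectural constants.
"""
from dataclasses import dataclass

MAX_SEQUENCE_NUMBER = 0x7FFFFFFF   # MaxSequenceNumber (largest signed 32-bit)
MAX_AGE = 3600                     # MaxAge, in seconds
MAX_AGE_DIFF = 900                 # MaxAgeDiff, in seconds


@dataclass(frozen=True)
class LsaHeader:
    """Constructed subset of the LSA header: only what recency needs."""
    ls_seq: int        # LS sequence number, raw 32-bit value
    ls_checksum: int   # LS checksum, 16-bit
    ls_age: int        # LS age in seconds


def signed32(value: int) -> int:
    """Interpret a raw 32-bit sequence number as the signed value the RFC compares."""
    value &= 0xFFFFFFFF
    return value - 0x1_0000_0000 if value & 0x8000_0000 else value


def compare_recency(a: LsaHeader, b: LsaHeader) -> int:
    """1 if `a` is more recent, -1 if `b` is, 0 if the instances are the same."""
    # Step 1: the larger LS sequence number is more recent.
    sa, sb = signed32(a.ls_seq), signed32(b.ls_seq)
    if sa != sb:
        return 1 if sa > sb else -1
    # Step 2: equal sequence numbers -> the larger LS checksum is more recent.
    if a.ls_checksum != b.ls_checksum:
        return 1 if a.ls_checksum > b.ls_checksum else -1
    # Step 3: if only one instance has LS age == MaxAge, it is more recent.
    a_max, b_max = a.ls_age == MAX_AGE, b.ls_age == MAX_AGE
    if a_max != b_max:
        return 1 if a_max else -1
    # Step 4: ages differing by more than MaxAgeDiff -> smaller age is more recent.
    if abs(a.ls_age - b.ls_age) > MAX_AGE_DIFF:
        return 1 if a.ls_age < b.ls_age else -1
    # Otherwise the two instances are considered identical.
    return 0


def should_replace(installed: LsaHeader, received: LsaHeader) -> bool:
    """Would a router replace its LSDB copy with the received instance?"""
    return compare_recency(received, installed) > 0


def walk_through() -> dict:
    """Hypothetical helper: the situation the description states, with
    constructed values. Both instances sit at MaxSequenceNumber, so step 1
    cannot decide and the ordering falls through to the checksum."""
    installed = LsaHeader(MAX_SEQUENCE_NUMBER, 0xBEEF, 120)
    # A MaxAge instance whose checksum is lower than the installed copy's:
    # step 2 already ranks it older, so step 3 (MaxAge) is never reached.
    flush_lower_checksum = LsaHeader(MAX_SEQUENCE_NUMBER, 0x0102, MAX_AGE)
    # Same sequence number, larger checksum: ranked more recent.
    larger_checksum = LsaHeader(MAX_SEQUENCE_NUMBER, 0xBEF0, 120)
    # For contrast, an ordinary LSA where a MaxAge copy does win via step 3.
    ordinary = LsaHeader(0x80000005, 0xBEEF, 120)
    ordinary_flush = LsaHeader(0x80000005, 0xBEEF, MAX_AGE)
    return {
        "flush_with_lower_checksum_replaces": should_replace(installed, flush_lower_checksum),
        "larger_checksum_replaces": should_replace(installed, larger_checksum),
        "ordinary_flush_replaces": should_replace(ordinary, ordinary_flush),
    }


if __name__ == "__main__":
    for name, result in walk_through().items():
        print(f"{name}: {result}")
```

Running the module prints the three outcomes; the point to read off is the first one, which is the behaviour the description spells out: once sequence numbers are equal, the checksum decides before LS age is ever consulted, so an instance at MaxSequenceNumber with the larger checksum is the one the LSDB keeps.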

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
Exploitability: 1.6 | Impact: 6.0

Affected Packages (1 package)

debian: debian/frr

Vulnerability Details (2)

GHSA: GHSA-63cp-f7wp-c79r: Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumb (2022-05-13)
OSV: CVE-2017-3224: Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumb (2018-07-24)

Vendor Advisories (2)

Red Hat: quagga: OSPF implementation improperly determines LSA recency (VU#793496) (2017-07-27)
Debian: CVE-2017-3224: frr - Open Shortest Path First (OSPF) protocol implementations may improperly determin... (2017)

Community (2)

Bugzilla: CVE-2017-3224 quagga: OSPF implementation improperly determines LSA recency (VU#793496) [fedora-all] (2017-07-28)
Bugzilla: CVE-2017-3224 quagga: OSPF implementation improperly determines LSA recency (VU#793496) (2017-07-19)