CVE-2024-27913 — Missing Initialization of Resource in Frrouting

CWE-909 — Missing Initialization of Resource CWE-703 — Improper Check or Handling of Exceptional Conditions7 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 76.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Frrouting Debian FRR Msrc Cbl2 FRR 8.5.3-6 ON CBL Mariner 2.0 +3 more

Timeline

PublishedFeb 28

Latest updateMar 6

Description

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶NVDfrrouting/frrouting< 9.0

▶debiandebian/frr< frr 9.1-0.1 (forky)

▶msrcmsrc/cbl_mariner_2.0_arm

▶msrcmsrc/cbl_mariner_2.0_x64

▶msrcmsrc/cbl2_frr_8.5.3-6_on_cbl_mariner_2.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2024-27913: ospf_te_parse_te in ospfd/ospf_te↗2024-02-28

▶

GHSA

GHSA-46v4-9j9w-fv79: ospf_te_parse_te in ospfd/ospf_te↗2024-02-28

▶

📋Vendor Advisories

Ubuntu

FRR vulnerability↗2024-03-06

▶

Red Hat

frr: Denial of service via malformed OSPF LSA packet↗2024-02-28

▶

Microsoft

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet because of an attempted acc↗2024-02-13

▶

Debian

CVE-2024-27913: frr - ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote...↗2024

▶