CVE-2024-44070 — Improper Input Validation in Frrouting

CWE-20 — Improper Input Validation12 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 67.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Frrouting Redhat Enterprise Linux

Timeline

PublishedAug 19

Latest updateJan 27

Description

An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDfrrouting/frrouting10.1

Also affects: Enterprise Linux 8.0, 9.0

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

frr vulnerabilities↗2025-01-27

▶

GHSA

GHSA-88xw-q94w-q9mr: An issue was discovered in FRRouting (FRR) through 10↗2024-08-19

▶

CVEList

CVE-2024-44070: An issue was discovered in FRRouting (FRR) through 10↗2024-08-19

▶

OSV

CVE-2024-44070: An issue was discovered in FRRouting (FRR) through 10↗2024-08-19

▶

📋Vendor Advisories

Ubuntu

FRR vulnerabilities↗2025-01-27

▶

Ubuntu

Quagga vulnerability↗2025-01-27

▶

Ubuntu

Quagga vulnerability↗2024-09-17

▶

Ubuntu

FRR vulnerability↗2024-09-17

▶

Red Hat

frr: improper input validation in bgp_attr_encap() in bgpd/bgp_attr.c↗2024-08-18

▶