
CVE-2024-27913

Published: 28 Feb 2024
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.

A flaw was found in FRRouting. A missing check for a NULL attribute in the ospf_te_parse_te in ospfd/ospf_te.c file may lead to a crash of the ospfd daemon and a denial of service through a malformed OSPF LSA packet.

Report

This vulnerability in FRRouting (FRR), specifically within the ospf_te_parse_te function, poses a moderate severity risk due to its potential to cause a denial-of-service (DoS) condition in the ospfd daemon. The issue arises from improper handling of malformed OSPF Link State Advertisement (LSA) packets, resulting in an attempted access to a missing attribute field. This access violation leads to a crash of the ospfd daemon, disrupting OSPF routing functionality within the affected network segment.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | frr | Not affected | | |
| Red Hat Enterprise Linux 9 | frr | Will not fix | | |


Additional information

Status: Moderate
Defect: CWE-703
https://bugzilla.redhat.com/show_bug.cgi?id=2267347 (frr: Denial of service via malformed OSPF LSA packet)

EPSS: 0.00078 (Low), percentile: 23%

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 2 years ago

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.

CVSS3: 6.5
nvd
about 2 years ago

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.

CVSS3: 6.5
msrc
more than 1 year ago

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet because of an attempted access to a missing attribute field.

CVSS3: 6.5
debian
about 2 years ago

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 all ...

CVSS3: 6.5
github
about 2 years ago

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.
