CVE-2024-27913

Published: 28 Feb 2024
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.

A flaw was found in FRRouting. A missing check for a NULL attribute in the ospf_te_parse_te function in ospfd/ospf_te.c may lead to a crash of the ospfd daemon and a denial of service through a malformed OSPF LSA packet.

Report

This vulnerability in FRRouting (FRR), specifically within the ospf_te_parse_te function, poses a moderate severity risk due to its potential to cause a denial-of-service (DoS) condition in the ospfd daemon. The issue arises from improper handling of malformed OSPF Link State Advertisement (LSA) packets, resulting in an attempted access to a missing attribute field. This access violation leads to a crash of the ospfd daemon, disrupting OSPF routing functionality within the affected network segment.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | frr | Not affected | | |
| Red Hat Enterprise Linux 9 | frr | Will not fix | | |

Additional information

Status: Moderate
Defect: CWE-703
https://bugzilla.redhat.com/show_bug.cgi?id=2267347 (frr: Denial of service via malformed OSPF LSA packet)

EPSS: 0.00078 (Low), percentile: 24%

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 6.5
ubuntu
almost 2 years ago

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.

CVSS3: 6.5
nvd
almost 2 years ago

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.

CVSS3: 6.5
msrc
about 1 year ago

No description available

CVSS3: 6.5
debian
almost 2 years ago

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 all ...

CVSS3: 6.5
github
almost 2 years ago

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.
