CVE-2024-31948

Published: 07 Apr 2024
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.

An uncaught exception flaw was found in FRRouting. This flaw allows an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet to cause the bgpd daemon to crash.

Report

The uncaught exception flaw in FRRouting's bgpd daemon, triggered by a malformed Prefix SID attribute in a BGP UPDATE packet, poses a moderate severity risk due to its potential to cause a denial of service (DoS) condition. While the vulnerability results in a crash of the bgpd daemon, leading to disruption of routing services, it primarily affects the availability aspect of the CIA triad (Confidentiality, Integrity, and Availability). Although the flaw does not directly expose sensitive information or allow unauthorized access to the system, the ability to crash a critical routing component could impact network operations and service availability. However, the exploitation requires a targeted and deliberate action by an attacker, limiting its immediate widespread impact compared to high severity vulnerabilities that could lead to data breaches or complete system compromise.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | frr | Not affected | | |
| Red Hat Enterprise Linux 8 | frr | Will not fix | | |
| Red Hat Enterprise Linux 9 | frr | Will not fix | | |

Additional information

Status: Moderate
Weakness: CWE-248

EPSS: 0.00078 (percentile: 24%, Low)

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 6.5
ubuntu
more than 1 year ago

In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.

CVSS3: 6.5
nvd
more than 1 year ago

In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.

CVSS3: 6.5
debian
more than 1 year ago

In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix S ...

suse-cvrf
more than 1 year ago

Security update for frr

CVSS3: 6.5
github
more than 1 year ago

In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.
