Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-31949

Опубликовано: 07 апр. 2024
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.

An infinite loop vulnerability was found in FRRouting. Malformed data when receiving an MP/GR capability as a dynamic capability can result in a pointer not advancing.

Отчет

The infinite loop triggered by the receipt of a malformed MP/GR capability in FRRouting represents a moderate severity issue due to its potential impact on system stability and resource utilization. While it does not directly expose sensitive data or allow unauthorized access, the loop can lead to a Denial of Service (DoS) condition by consuming excessive CPU resources, thereby degrading the overall performance of the routing infrastructure. Additionally, the continuous processing of malformed data may destabilize the router, potentially causing intermittent service disruptions or requiring manual intervention to restore normal operation.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 8frrWill not fix
Red Hat Enterprise Linux 9frrWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=2273992frr: infinite loop

EPSS

Процентиль: 11%
0.00039
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-31949

CVSS3: 6.5
ubuntu
около 1 года назад

In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.

nvd логотип

CVE-2024-31949

CVSS3: 6.5
nvd
около 1 года назад

In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.

debian логотип

CVE-2024-31949

CVSS3: 6.5
debian
около 1 года назад

In FRRouting (FRR) through 9.1, an infinite loop can occur when receiv ...

github логотип

GHSA-f3q5-vrp5-crqj

CVSS3: 6.5
github
около 1 года назад

In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.

fstec логотип

BDU:2024-06851

CVSS3: 7.5
fstec
около 1 года назад

Уязвимость компонента Dynamic Capability Handler программного средства реализации сетевой маршрутизации на Unix-подобных системах FRRouting, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 11%
0.00039
Низкий

6.5 Medium

CVSS3