Описание
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).
A buffer overflow vulnerability was found in FRRouting. There can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs.
Отчет
The vulnerability in the Opaque LSA Extended Link parser in FRRouting (FRR), which allows for a buffer overflow and potential daemon crash when processing OSPF LSA packets with improperly validated Segment Routing Adjacency SID subTLVs, is classified as a moderate severity issue. While the vulnerability can lead to service disruption due to daemon crashes, it requires specific conditions to be met for exploitation. An attacker would need to craft OSPF LSA packets with malicious Segment Routing Adjacency SID subTLVs and successfully send them to the vulnerable FRRouting instance. This requires knowledge of the network topology and access to send OSPF packets to the targeted router. Additionally, exploitation may not result in arbitrary code execution, limiting the potential impact.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | frr | Will not fix | ||
| Red Hat Enterprise Linux 9 | frr | Will not fix |
Показывать по
Дополнительная информация
Статус:
7 High
CVSS3
Связанные уязвимости
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, ...
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).
7 High
CVSS3