Description
In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.
A flaw was found in FRRouting (FRR). Some functions do not check the return value of the get_edge function in the ospfd/ospf_te.c file, allowing a NULL pointer dereference, causing a crash in the OSPF daemon, resulting in a denial of service.
Report
The get_edge function can return a NULL pointer when processing specially crafted link IDs or advertised router IP addresses. When the NULL pointer is returned from the get_edge function and this return value is not handled by calling functions, a NULL pointer dereference issue can be triggered. As this flaw requires a crafted link ID or advertised router IP address to create an invalid edge key and can result only in a denial of service condition, it has been rated with a moderate severity. The FRR package as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability because the vulnerable code was introduced in a newer version of FRR.
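The caller-side check described above, as an added example. This is a simplified model and not FRR source code: the edge table, the function names and the choice of 0 as the invalid edge key are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model, NOT FRR source: every name below is hypothetical. */
#define MAX_EDGES 8

struct edge { uint64_t key; uint32_t metric; int in_use; };
static struct edge edge_table[MAX_EDGES];

/* Find or create an edge keyed by link ID. Returns NULL when the key is
 * invalid (assumed here to be 0) or when the table has no free slot. */
static struct edge *model_get_edge(uint32_t link_id)
{
    uint64_t key = (uint64_t)link_id;
    struct edge *free_slot = NULL;

    if (key == 0)
        return NULL;
    for (size_t i = 0; i < MAX_EDGES; i++) {
        if (edge_table[i].in_use && edge_table[i].key == key)
            return &edge_table[i];
        if (!edge_table[i].in_use && free_slot == NULL)
            free_slot = &edge_table[i];
    }
    if (free_slot != NULL) {
        free_slot->key = key;
        free_slot->metric = 0;
        free_slot->in_use = 1;
    }
    return free_slot;
}

/* Hardened caller: the lookup result is checked before any field access.
 * Without this check, edge->metric on a NULL result is the dereference
 * that takes the daemon down. */
int update_link_metric(uint32_t link_id, uint32_t metric)
{
    struct edge *edge = model_get_edge(link_id);

    if (edge == NULL)
        return -1; /* reject this advertisement and keep running */
    edge->metric = metric;
    return 0;
}

int main(void)
{
    printf("valid link ID:   %d\n", update_link_metric(0x0a000001u, 10));
    printf("invalid link ID: %d\n", update_link_metric(0, 10));
    return 0;
}
```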
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 8 | frr | Not affected | | |
Red Hat Enterprise Linux 9 | frr | Will not fix | | |
Additional information
Status:
EPSS
7.5 High
CVSS3