exploitDog

CVE-2025-61099

Published: 27 Oct 2025
Source: redhat
CVSS3: 5.9

Description

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.

A NULL pointer dereference vulnerability was found in FRRouting within the show_opaque_info_detail function within ospf_opaque.c. When the OSPF daemon (ospfd) is configured with the debug command debug ospf packet all send/recv detail, it attempts to display detailed information of all received or sent OSPF packets through the VTY interface or zlog. Due to a missing check for functab->show_opaque_info, a NULL pointer dereference can occur when processing a crafted LS Update packet.
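
The missing check described above, modelled in C as an added example. This is not FRR source code: only the show_opaque_info field name comes from the advisory, and the struct, table and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model, not FRR source. Only the field name show_opaque_info
 * comes from the advisory; every other name here is hypothetical. */
struct lsa { uint8_t opaque_type; };

struct opaque_functab {
    uint8_t opaque_type;
    void (*show_opaque_info)(const struct lsa *); /* optional: may be NULL */
};

static int shown; /* counts how often a show callback actually ran */
static void show_type1(const struct lsa *l) { (void)l; shown++; }

/* Constructed table: type 1 registers a show callback, type 4 does not. */
static struct opaque_functab tab[] = {
    { 1, show_type1 },
    { 4, NULL },
};

static struct opaque_functab *lookup(uint8_t type)
{
    for (size_t i = 0; i < sizeof(tab) / sizeof(tab[0]); i++)
        if (tab[i].opaque_type == type)
            return &tab[i];
    return NULL; /* unknown opaque type */
}

/* Flawed pattern: the callback is called without checking that it is set. */
int show_detail_unchecked(const struct lsa *l)
{
    struct opaque_functab *f = lookup(l->opaque_type);
    f->show_opaque_info(l); /* NULL call for type 4, NULL deref if unknown */
    return 1;
}

/* Hardened pattern: check the entry and the callback before calling. */
int show_detail_checked(const struct lsa *l)
{
    struct opaque_functab *f = lookup(l->opaque_type);
    if (f == NULL || f->show_opaque_info == NULL)
        return 0; /* nothing to display; the process keeps running */
    f->show_opaque_info(l);
    return 1;
}
```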

Report

Exploitation of this issue requires specific conditions, as it is only triggered when OSPF debug mode is manually enabled using the debug ospf packet all send/recv detail command, which is disabled by default. Related commands such as debug ospf packet ls-update send/recv detail merely enable verbose logging for diagnostic purposes and do not alter the normal packet handling or parsing behavior of the OSPF daemon. This issue is rated Moderate rather than Important because it depends on a very specific and non-default runtime condition for exploitation. The vulnerable code path is only reachable when OSPF detailed packet debugging (debug ospf packet all send/recv detail) is explicitly enabled, which is typically used for temporary diagnostic purposes and not in production environments. In normal operation, the affected function is not invoked, thereby significantly reducing exposure. Furthermore, the flaw leads solely to a NULL pointer dereference, causing a crash of the ospfd process without memory corruption or control-flow hijacking potential.

Mitigation

No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 10 | frr | Fix deferred | | |
| Red Hat Enterprise Linux 8 | frr | Fix deferred | | |
| Red Hat Enterprise Linux 9 | frr | Fix deferred | | |

Additional information

Status: Moderate
Defect: CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2406601 FRRouting: frr: NULL Pointer Dereference in FRRouting

CVSS3: 5.9 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
5 months ago

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.

CVSS3: 7.5
nvd
5 months ago

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.

CVSS3: 7.5
msrc
5 months ago

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.

CVSS3: 7.5
debian
5 months ago

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NU ...

CVSS3: 7.5
github
5 months ago

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.