Skip to main content

Frrouting CVE-2024-31949

MEDIUM
Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)
2024-04-07 cve@mitre.org
6.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 07, 2024 - 21:15 cve.org
MEDIUM 6.5

DescriptionCVE.org

In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.

AnalysisAI

In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-835. In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing. Affected products include: Frrouting. Version information: through 9.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-37032 CRITICAL POC
9.1 Sep 19

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of servi

CVE-2022-37035 HIGH POC
8.1 Aug 02

An issue was discovered in bgpd in FRRouting (FRR) 8.3. Rated high severity (CVSS 8.1), this vulnerability is remotely e

CVE-2022-26129 HIGH POC
7.8 Mar 03

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functio

CVE-2022-26128 HIGH POC
7.8 Mar 03

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the

CVE-2022-26127 HIGH POC
7.8 Mar 03

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in t

CVE-2022-26126 HIGH POC
7.8 Mar 03

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated bin

CVE-2022-26125 HIGH POC
7.8 Mar 03

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd

CVE-2023-38802 HIGH POC
7.5 Aug 29

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a craft

CVE-2023-31490 HIGH POC
7.5 May 09

An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub

CVE-2023-38406 CRITICAL
9.8 Nov 06

bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow.". Rated

CVE-2023-41361 CRITICAL
9.8 Aug 29

An issue was discovered in FRRouting FRR 9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit

CVE-2023-31489 MEDIUM POC
5.5 May 09

An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_ll

Share

CVE-2024-31949 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy