First published: Wed Feb 28 2024(Updated: )
ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/frr | <=6.0.2-2+deb10u1, <=7.5.1-1.1+deb10u1, <=7.5.1-1.1+deb11u2, <=8.4.4-1.1~deb12u1 | 9.1-0.1 |
ubuntu/frr | <8.1-1ubuntu1.9 | 8.1-1ubuntu1.9 |
ubuntu/frr | <8.4.4-1.1ubuntu1.3 | 8.4.4-1.1ubuntu1.3 |
FRRouting bgpd | <9.0 | |
CVE-2024-27913 is classified as a high severity vulnerability: a malformed LSA crashes the ospfd daemon, which is a denial of service against OSPF routing on the affected router.
To fix CVE-2024-27913, upgrade to a patched FRRouting package: 9.1-0.1 on Debian, or 8.1-1ubuntu1.9 / 8.4.4-1.1ubuntu1.3 on Ubuntu, depending on the release you run.
The denial of service in CVE-2024-27913 is caused by ospf_te_parse_te (ospfd/ospf_te.c) attempting to read an attribute field that is not present in a malformed OSPF LSA, that is, trusting the packet's declared structure instead of checking how many bytes actually remain.
CVE-2024-27913 affects FRRouting versions through 9.1, per the CVE description.
Yes, CVE-2024-27913 is remotely exploitable: an attacker who can get a malformed LSA to ospfd can crash it without any prior authentication to the router. In practice that means delivering the LSA over an OSPF adjacency on an attached link or having it flooded from within the routing domain, so OSPF packet authentication (MD5 or HMAC-SHA) and restricting which interfaces run OSPF limit who can reach the vulnerable parser, but they are mitigations, not a fix.
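The failure mode described above, as an added example written for this page and not code from FRR's ospf_te.c: a bounds-checked walker for the Type/Length/Value encoding that OSPF Traffic Engineering opaque LSAs use (2-byte type, 2-byte length, value padded to a 4-byte boundary, with Link TLVs carrying nested sub-TLVs in the same encoding). The function names (`tlv_walk`, `te_check`, `te_link_count`) and the sample payloads are constructed for illustration; the two `remaining` checks are what a parser must do before touching a field, since a parser that trusts the on-wire length instead reads past the end of the packet.

```c
/*
 * Added illustrative example (not FRR's ospf_te.c): a bounds-checked walker
 * for the TLV encoding used by OSPF Traffic Engineering opaque LSAs.
 * Function names and sample payloads below are hypothetical/constructed.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TLV_HDR_LEN 4u
#define TLV_ALIGN(n) (((n) + 3u) & ~3u)

enum tlv_status { TLV_OK = 0, TLV_TRUNCATED_HEADER, TLV_TRUNCATED_VALUE };

struct tlv_view {
    uint16_t type;
    uint16_t length;      /* on-wire length: untrusted until checked below */
    const uint8_t *value; /* only set once the length is known to fit */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk the TLVs in buf[0..len), invoking cb for each one that fully fits.
 * A parser that skips either "remaining" check reads a field that is not
 * in the packet: the "access to a missing attribute field" in the CVE text. */
static enum tlv_status tlv_walk(const uint8_t *buf, size_t len,
                                void (*cb)(const struct tlv_view *, void *),
                                void *ctx)
{
    size_t off = 0;
    while (off < len) {
        size_t remaining = len - off;
        struct tlv_view v;
        if (remaining < TLV_HDR_LEN)
            return TLV_TRUNCATED_HEADER;       /* header itself is cut off */
        v.type = rd16(buf + off);
        v.length = rd16(buf + off + 2);
        if (v.length > remaining - TLV_HDR_LEN)
            return TLV_TRUNCATED_VALUE;        /* claims bytes that are absent */
        v.value = buf + off + TLV_HDR_LEN;
        if (cb)
            cb(&v, ctx);
        /* Pad bytes are never read, so a missing trailing pad is tolerated. */
        off += TLV_HDR_LEN + TLV_ALIGN(v.length);
    }
    return TLV_OK;
}

/* Hypothetical TE summary: notes the Router Address TLV (type 1) and walks
 * the sub-TLVs of every Link TLV (type 2) with the same bounded walker. */
struct te_ctx { int router_addr; int links; int sub_tlvs; enum tlv_status sub_status; };

static void count_sub(const struct tlv_view *v, void *n) { (void)v; ++*(int *)n; }

static void te_top_cb(const struct tlv_view *v, void *p)
{
    struct te_ctx *ctx = p;
    if (v->type == 1 && v->length == 4) {
        ctx->router_addr = 1;
    } else if (v->type == 2) {
        /* v->length was validated against the enclosing buffer, so this
         * inner walk is bounded by bytes that really exist. */
        enum tlv_status s = tlv_walk(v->value, v->length, count_sub, &ctx->sub_tlvs);
        if (s != TLV_OK)
            ctx->sub_status = s;
        ctx->links++;
    }
}

/* TLV_OK only if every top-level TLV and every sub-TLV fits in the buffer. */
enum tlv_status te_check(const uint8_t *buf, size_t len, struct te_ctx *out)
{
    struct te_ctx ctx = {0, 0, 0, TLV_OK};
    enum tlv_status s = tlv_walk(buf, len, te_top_cb, &ctx);
    if (out)
        *out = ctx;
    return s != TLV_OK ? s : ctx.sub_status;
}

int te_link_count(const uint8_t *buf, size_t len)
{
    struct te_ctx ctx;
    te_check(buf, len, &ctx);
    return ctx.links;
}

/* Constructed sample payloads (not captured traffic). */
const uint8_t TE_GOOD[] = {
    0x00,0x01, 0x00,0x04, 10,0,0,1,        /* Router Address TLV = 10.0.0.1 */
    0x00,0x02, 0x00,0x08,                  /* Link TLV, 8 bytes of sub-TLVs */
      0x00,0x01, 0x00,0x01, 0x01,0,0,0,    /* Link Type sub-TLV, 1 byte + pad */
};
const uint8_t TE_TRUNC_VALUE[] = {
    0x00,0x01, 0x00,0x04, 10,0,0,1,
    0x00,0x02, 0x00,0x14, 0,0,0,0,         /* Link TLV claims 20 bytes, 4 present */
};
const uint8_t TE_TRUNC_HDR[] = {
    0x00,0x01, 0x00,0x04, 10,0,0,1,
    0x00,0x02,                             /* only 2 of the 4 header bytes */
};
const uint8_t TE_TRUNC_SUB[] = {
    0x00,0x02, 0x00,0x08,                  /* Link TLV sized correctly ... */
      0x00,0x09, 0x00,0x0c, 0,0,0,0,       /* ... but a sub-TLV claims 12 bytes */
};

int main(void)
{
    static const char *names[] = {"ok", "truncated header", "truncated value"};
    printf("good:        %s (links=%d)\n", names[te_check(TE_GOOD, sizeof TE_GOOD, NULL)],
           te_link_count(TE_GOOD, sizeof TE_GOOD));
    printf("trunc value: %s\n", names[te_check(TE_TRUNC_VALUE, sizeof TE_TRUNC_VALUE, NULL)]);
    printf("trunc hdr:   %s\n", names[te_check(TE_TRUNC_HDR, sizeof TE_TRUNC_HDR, NULL)]);
    printf("trunc sub:   %s\n", names[te_check(TE_TRUNC_SUB, sizeof TE_TRUNC_SUB, NULL)]);
    return 0;
}
```

The design point is that the inner sub-TLV walk is bounded by the outer TLV's already-validated length rather than by the packet end, so a sub-TLV cannot claim bytes beyond its parent, and a truncated header is reported separately from a truncated value because the two are reached by different malformed inputs.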