What is the severity of CVE-2024-31948?

CVE-2024-31948 has a severity rating that may lead to a denial of service by crashing the bgpd daemon.

How do I fix CVE-2024-31948?

To fix CVE-2024-31948, upgrade to the fixed versions of the FRRouting package, specifically 7.5.1-1.1+deb11u4 or 10.2.1-2.

CVE-2024-31948 affects the FRRouting (FRR) versions up to 9.1 on Debian systems.

CVE-2024-31948 can be exploited through malformed Prefix SID attributes in BGP UPDATE packets.

The bgpd daemon in FRRouting is the component impacted by CVE-2024-31948, leading to potential crashes.

6.5

CWE

1287

EPSS

0.045%

7/4/2024

21/11/2024

First published: Sun Apr 07 2024(Updated: )

In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
debian/frr	<=7.5.1-1.1+deb11u2<=8.4.4-1.1~deb12u1	7.5.1-1.1+deb11u4 10.2.1-2

What is the severity of CVE-2024-31948?
CVE-2024-31948 has a severity rating that may lead to a denial of service by crashing the bgpd daemon.
How do I fix CVE-2024-31948?
To fix CVE-2024-31948, upgrade to the fixed versions of the FRRouting package, specifically 7.5.1-1.1+deb11u4 or 10.2.1-2.
Which software is affected by CVE-2024-31948?
CVE-2024-31948 affects the FRRouting (FRR) versions up to 9.1 on Debian systems.
What types of attacks can exploit CVE-2024-31948?
CVE-2024-31948 can be exploited through malformed Prefix SID attributes in BGP UPDATE packets.
What components are impacted by CVE-2024-31948?
The bgpd daemon in FRRouting is the component impacted by CVE-2024-31948, leading to potential crashes.