PT-2024-22130 · Frrouting+5

Iggy Frankovic · Published 2024-02-27 · Updated 2025-11-24 · CVE-2024-27913

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

FRRouting (FRR) versions through 9.1

Description

The issue allows remote attackers to cause a denial of service (a crash of the ospfd daemon) via a malformed OSPF LSA packet. The crash occurs because the ospf_te_parse_te function in ospfd/ospf_te.c attempts to access a missing attribute field.

Recommendations

For FRRouting (FRR) versions through 9.1, update to a version that fixes the issue in the ospf_te_parse_te function to prevent the denial of service. As a temporary workaround, consider restricting access to the ospfd daemon to minimize the risk of exploitation.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

AZL-35450
BDU:2025-15605
CVE-2024-27913
OPENSUSE-SU-2024:13911-1
OPENSUSE-SU-2024_1453-1
OPENSUSE-SU-2024_4090-1
SUSE-SU-2024:1453-1
SUSE-SU-2024:4090-1
SUSE-SU-2024_1453-1
USN-6679-1

Affected Products

Debian
Frrouting
Linuxmint
Red Os
Suse
Ubuntu