PT-2024-6033 · Frrouting+2
Iggy Frankovic · Published 2024-04-07 · Updated 2025-05-01
CVE-2024-31949
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
FRRouting versions through 9.1
Description
The issue is in the Dynamic Capability Handler component of FRRouting. When an MP/GR capability is received as a dynamic capability, malformed data can cause a pointer not to advance, which sends the handler into an infinite loop. A remote attacker can use this to cause a denial of service.
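The bug class described above, shown as an added example that is not FRRouting's code: a length-prefixed parser that skips a malformed entry without moving its pointer, next to a form that rejects the message instead. The entry layout, `CAP_FIXED`, `FIXED_VALUE_LEN`, and both function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed, simplified layout (an assumption, not FRR's wire format):
 * each entry is action(1) | code(1) | length(1) | value(length bytes). */
#define HDR_LEN 3
#define CAP_FIXED 1      /* hypothetical code whose value must be 4 bytes */
#define FIXED_VALUE_LEN 4

/* Flawed pattern: a malformed entry is skipped with `continue` before the
 * pointer moves, so the same bytes are parsed forever. max_iter exists only
 * so this demo terminates; -2 means the loop stopped making progress. */
int parse_flawed(const uint8_t *buf, size_t len, int max_iter)
{
    const uint8_t *p = buf, *end = buf + len;
    int parsed = 0;

    while ((size_t)(end - p) >= HDR_LEN) {
        if (max_iter-- <= 0)
            return -2;
        if (p[1] == CAP_FIXED && p[2] != FIXED_VALUE_LEN)
            continue;                       /* bug: p never advances */
        if ((size_t)(end - p) - HDR_LEN < p[2])
            return -1;                      /* truncated value */
        p += HDR_LEN + p[2];
        parsed++;
    }
    return parsed;
}

/* Hardened pattern: any malformed entry rejects the whole message, and every
 * iteration that loops again has advanced p by at least HDR_LEN. */
int parse_hardened(const uint8_t *buf, size_t len)
{
    const uint8_t *p = buf, *end = buf + len;
    int parsed = 0;

    while ((size_t)(end - p) >= HDR_LEN) {
        if ((size_t)(end - p) - HDR_LEN < p[2])
            return -1;                      /* truncated value */
        if (p[1] == CAP_FIXED && p[2] != FIXED_VALUE_LEN)
            return -1;                      /* malformed: stop, never retry */
        p += HDR_LEN + p[2];
        parsed++;
    }
    return p == end ? parsed : -1;          /* reject a trailing partial header */
}
```

When reviewing a parser of this shape, check that every `continue` path inside the loop is preceded by a pointer advance, or replace it with an error exit.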
Recommendations
For versions through 9.1, consider disabling the Dynamic Capability Handler component as a temporary workaround until a patch is available. Restrict access to the MP/GR capability to minimize the risk of exploitation. Avoid using malformed data in the dynamic capability to prevent the infinite loop.
Fix
Infinite Loop
Affected Products
Debian
Frrouting
Red Os