CVE-2024-44070

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FRRouting versions through 10.1

Description An issue was discovered in the bgp attr encap function in the bgpd/bgp attr.c file, which does not check the actual remaining stream length before taking the TLV value. This can allow a remote attacker to cause a denial of service.

Recommendations For versions through 10.1, consider disabling the bgp attr encap function as a temporary workaround until a patch is available. Restrict access to the bgpd/bgp attr.c file to minimize the risk of exploitation. Avoid using the TLV value in the affected bgp attr encap function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2024-16579

AZL-47862

AZL-47868

BDU:2024-06868

CVE-2024-44070

DLA-3865-1

OPENSUSE-SU-2024:14286-1

OPENSUSE-SU-2024_3090-1

OPENSUSE-SU-2024_3108-1

OPENSUSE-SU-2024_3478-1

OPENSUSE-SU-2024_4090-1

SUSE-SU-2024:3090-1

SUSE-SU-2024:3108-1

SUSE-SU-2024:3426-1

SUSE-SU-2024:3433-1

SUSE-SU-2024:3478-1

SUSE-SU-2024:4090-1

SUSE-SU-2024_3090-1

SUSE-SU-2024_3108-1

USN-7016-1

USN-7017-1

USN-7230-1

USN-7230-2

Affected Products

Alt Linux

Debian

Frrouting

Linuxmint

Red Os

Suse

Ubuntu

CVE-2024-44070

Weakness Enumeration

Related Identifiers

Affected Products

References · 83