CVE-2024-31948

MEDIUM EPSS 52.8%
Published Apr 7, 2024 2y ago · Modified Jun 17, 2026 1w ago
6.5 CVSS 3.1
Medium

Description

In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.

CVSS Details

Base Score
6.5
Exploitability
2.8
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
52.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-1287

Affected Products 1

Vendor | Product | Version | Range
frrouting | frrouting | * | ≤9.1

References 4

  • github.com https://github.com/FRRouting/frr/pull/15628
    Issue Tracking, Third Party Advisory
  • github.com https://github.com/FRRouting/frr/pull/15628/commits/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html
    Mailing List
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html

Remediation

  • github.com https://github.com/FRRouting/frr/pull/15628/commits/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138
    Patch