CVE-2024-31948 - Vulnerability Details - OpenCVE

In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00078.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Frrouting	Frrouting

Configuration 1 [-]

cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-3797-1	frr security update
Debian DLA	DLA-3865-1	frr security update
Ubuntu USN	USN-6794-1	FRR vulnerabilities
Ubuntu USN	USN-6807-1	FRR vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/FRRouting/frr/pull/15628
https://github.com/FRRouting/frr/pull/15628/commits/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138
https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html
https://nvd.nist.gov/vuln/detail/CVE-2024-31948
https://www.cve.org/CVERecord?id=CVE-2024-31948

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-04-07T00:00:00

Updated: 2024-08-02T01:59:50.550Z

Reserved: 2024-04-07T00:00:00

Link: CVE-2024-31948

Vulnrichment

Updated: 2024-04-29T17:31:05.520Z

NVD

Status : Analyzed

Published: 2024-04-07T21:15:07.423

Modified: 2025-05-01T14:47:09.200

Link: CVE-2024-31948

Redhat

Severity : Moderate

Publid Date: 2024-04-07T00:00:00Z

Links: CVE-2024-31948 - Bugzilla

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-31948", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T01:59:50.550Z", "dateReserved": "2024-04-07T00:00:00", "datePublished": "2024-04-07T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-28T07:06:14.531873"}, "descriptions": [{"lang": "en", "value": "In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/FRRouting/frr/pull/15628"}, {"url": "https://github.com/FRRouting/frr/pull/15628/commits/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138"}, {"name": "[debian-lts-announce] 20240428 [SECURITY] [DLA 3797-1] frr security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-31948", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-29T17:23:10.377527Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*"], "vendor": "frrouting", "product": "frrouting", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1287", "description": "CWE-1287 Improper Validation of Specified Type of Input"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:36:15.479Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:59:50.550Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/FRRouting/frr/pull/15628", "tags": ["x_transferred"]}, {"url": "https://github.com/FRRouting/frr/pull/15628/commits/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20240428 [SECURITY] [DLA 3797-1] frr security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-31948", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-06-04T17:36:15.479Z", "dateReserved": "2024-04-07T00:00:00", "datePublished": "2024-04-07T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-28T07:06:14.531873"}, "descriptions": [{"lang": "en", "value": "In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/FRRouting/frr/pull/15628"}, {"url": "https://github.com/FRRouting/frr/pull/15628/commits/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138"}, {"name": "[debian-lts-announce] 20240428 [SECURITY] [DLA 3797-1] frr security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-31948", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-29T17:23:10.377527Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*"], "vendor": "frrouting", "product": "frrouting", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1287", "description": "CWE-1287 Improper Validation of Specified Type of Input"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-29T17:31:05.520Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5B5FAA5-AC63-4329-A4F8-6EBD2CB12618", "versionEndIncluding": "9.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash."}, {"lang": "es", "value": "En FRRouting (FRR) hasta 9.1, un atacante que utiliza un atributo SID de prefijo con formato incorrecto en un paquete de BGP UPDATE puede provocar que el daemon bgpd falle."}], "id": "CVE-2024-31948", "lastModified": "2025-05-01T14:47:09.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-07T21:15:07.423", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/FRRouting/frr/pull/15628"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/FRRouting/frr/pull/15628/commits/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/FRRouting/frr/pull/15628"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/FRRouting/frr/pull/15628/commits/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1287"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "frr: bgpd daemon crash", "id": "2273982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273982"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-248", "details": ["In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.", "An uncaught exception flaw was found in FRRouting. This flaw allows an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet to cause the bgpd daemon to crash."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-31948", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "frr", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "frr", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "frr", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-31948\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-31948\nhttps://github.com/FRRouting/frr/pull/15628"], "statement": "The uncaught exception flaw in FRRouting's bgpd daemon, triggered by a malformed Prefix SID attribute in a BGP UPDATE packet, poses a moderate severity risk due to its potential to cause a denial of service (DoS) condition. While the vulnerability results in a crash of the bgpd daemon, leading to disruption of routing services, it primarily affects the availability aspect of the CIA triad (Confidentiality, Integrity, and Availability). Although the flaw does not directly expose sensitive information or allow unauthorized access to the system, the ability to crash a critical routing component could impact network operations and service availability. However, the exploitation requires a targeted and deliberate action by an attacker, limiting its immediate widespread impact compared to high severity vulnerabilities that could lead to data breaches or complete system compromise.", "threat_severity": "Moderate"}