{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-31950", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T01:59:50.649Z", "dateReserved": "2024-04-07T00:00:00", "datePublished": "2024-04-07T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-07T20:13:31.767474"}, "descriptions": [{"lang": "en", "value": "In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated)."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/FRRouting/frr/pull/15674/"}, {"url": "https://github.com/FRRouting/frr/pull/15674/commits/6b84541df71772f697a7f9e6b2aaf72536aab775"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-31950", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-09T19:20:53.822888Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:37:21.232Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:59:50.649Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/FRRouting/frr/pull/15674/", "tags": ["x_transferred"]}, {"url": "https://github.com/FRRouting/frr/pull/15674/commits/6b84541df71772f697a7f9e6b2aaf72536aab775", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-31950", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-06-04T17:37:21.232Z", "dateReserved": "2024-04-07T00:00:00", "datePublished": "2024-04-07T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-07T20:13:31.767474"}, "descriptions": [{"lang": "en", "value": "In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated)."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/FRRouting/frr/pull/15674/"}, {"url": "https://github.com/FRRouting/frr/pull/15674/commits/6b84541df71772f697a7f9e6b2aaf72536aab775"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-31950", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-09T19:20:53.822888Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:22.759Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated)."}, {"lang": "es", "value": "En FRRouting (FRR) hasta 9.1, puede haber un desbordamiento del b\u00fafer y un bloqueo del daemon en ospf_te_parse_ri para paquetes OSPF LSA durante un intento de leer subTLV de enrutamiento de segmentos (su tama\u00f1o no est\u00e1 validado)."}], "id": "CVE-2024-31950", "lastModified": "2024-04-08T18:48:40.217", "metrics": {}, "published": "2024-04-07T21:15:07.540", "references": [{"source": "cve@mitre.org", "url": "https://github.com/FRRouting/frr/pull/15674/"}, {"source": "cve@mitre.org", "url": "https://github.com/FRRouting/frr/pull/15674/commits/6b84541df71772f697a7f9e6b2aaf72536aab775"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "frr: buffer overflow and daemon crash in ospf_te_parse_ri", "id": "2273995", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273995"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "status": "draft"}, "cwe": "CWE-121", "details": ["In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).", "A buffer overflow vulnerability was found in FRRouting. There can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-31950", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "frr", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "frr", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-31950\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-31950\nhttps://github.com/FRRouting/frr/pull/15674/"], "statement": "The buffer overflow vulnerability in FRRouting's ospf_te_parse_ri function, specifically when processing OSPF LSA packets containing Segment Routing subTLVs, is classified as a moderate severity issue. While buffer overflows can potentially lead to arbitrary code execution or daemon crashes, this particular vulnerability requires an attacker to send specially crafted OSPF LSA packets to the vulnerable component. Exploiting this vulnerability requires knowledge of the network topology and access to send malicious OSPF packets, making it more challenging for remote attackers to exploit. However, within an affected network, an attacker with the capability to send crafted OSPF packets could potentially disrupt the OSPF routing process or cause the FRRouting daemon to crash, leading to service interruptions or denial of service conditions.", "threat_severity": "Moderate"}