OpenCVE

In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://github.com/FRRouting/frr/pull/15674/
https://github.com/FRRouting/frr/pull/15674/commits/6b84541df71772f697a7f9e6b2aaf72536aab775
https://nvd.nist.gov/vuln/detail/CVE-2024-31950
https://www.cve.org/CVERecord?id=CVE-2024-31950

History

Wed, 20 Nov 2024 22:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-120
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H'}`	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-04-07T00:00:00

Updated: 2024-11-20T21:29:29.067Z

Reserved: 2024-04-07T00:00:00

Link: CVE-2024-31950

Vulnrichment

Updated: 2024-08-02T01:59:50.649Z

NVD

Status : Awaiting Analysis

Published: 2024-04-07T21:15:07.540

Modified: 2024-04-08T18:48:40.217

Link: CVE-2024-31950

Redhat

Severity : Moderate

Publid Date: 2024-04-07T00:00:00Z

Links: CVE-2024-31950 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-31950", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-20T21:29:29.067Z", "dateReserved": "2024-04-07T00:00:00", "datePublished": "2024-04-07T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-07T20:13:31.767474"}, "descriptions": [{"lang": "en", "value": "In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated)."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/FRRouting/frr/pull/15674/"}, {"url": "https://github.com/FRRouting/frr/pull/15674/commits/6b84541df71772f697a7f9e6b2aaf72536aab775"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-04-09T19:20:53.822888Z", "id": "CVE-2024-31950", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T21:29:29.067Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:59:50.649Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/FRRouting/frr/pull/15674/", "tags": ["x_transferred"]}, {"url": "https://github.com/FRRouting/frr/pull/15674/commits/6b84541df71772f697a7f9e6b2aaf72536aab775", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/FRRouting/frr/pull/15674/", "tags": ["x_transferred"]}, {"url": "https://github.com/FRRouting/frr/pull/15674/commits/6b84541df71772f697a7f9e6b2aaf72536aab775", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:59:50.649Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-31950", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-09T19:20:53.822888Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:22.759Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/FRRouting/frr/pull/15674/"}, {"url": "https://github.com/FRRouting/frr/pull/15674/commits/6b84541df71772f697a7f9e6b2aaf72536aab775"}], "descriptions": [{"lang": "en", "value": "In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-07T20:13:31.767474"}}}, "cveMetadata": {"cveId": "CVE-2024-31950", "state": "PUBLISHED", "dateUpdated": "2024-11-20T21:29:29.067Z", "dateReserved": "2024-04-07T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-04-07T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "frr: buffer overflow and daemon crash in ospf_te_parse_ri", "id": "2273995", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273995"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "status": "draft"}, "cwe": "CWE-121", "details": ["In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).", "A buffer overflow vulnerability was found in FRRouting. There can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-31950", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "frr", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "frr", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-31950\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-31950\nhttps://github.com/FRRouting/frr/pull/15674/"], "statement": "The buffer overflow vulnerability in FRRouting's ospf_te_parse_ri function, specifically when processing OSPF LSA packets containing Segment Routing subTLVs, is classified as a moderate severity issue. While buffer overflows can potentially lead to arbitrary code execution or daemon crashes, this particular vulnerability requires an attacker to send specially crafted OSPF LSA packets to the vulnerable component. Exploiting this vulnerability requires knowledge of the network topology and access to send malicious OSPF packets, making it more challenging for remote attackers to exploit. However, within an affected network, an attacker with the capability to send crafted OSPF packets could potentially disrupt the OSPF routing process or cause the FRRouting daemon to crash, leading to service interruptions or denial of service conditions.", "threat_severity": "Moderate"}