Lucene search

Veracode Vulnerability DatabaseVERACODE:46547

HistoryApr 19, 2024 - 10:34 a.m.

Denial Of Service (DoS)

2024-04-1910:34:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

frrouting/frr

prefix sid attribute

bgpd daemon

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

FRRouting/frr is vulnerable to Denial of Service (DoS). This vulnerability occurs due to improper handling of the Prefix SID attribute in the bgp_attr_malformed function within bgp_attr.c, leading to a crash of the bgpd daemon.

CPENameOperatorVersion
libfrr.sole0.0.0
frr:bustereq6.0.2-2+deb10u1
libfrr.sole0.0.0
frr:bustereq6.0.2-2+deb10u1

Name	Operator	Version
libfrr.so	le	0.0.0
frr:buster	eq	6.0.2-2+deb10u1
libfrr.so	le	0.0.0
frr:buster	eq	6.0.2-2+deb10u1

References

bugzilla.suse.com/show_bug.cgi?id=1222518

github.com/FRRouting/frr/pull/15628

github.com/FRRouting/frr/pull/15628/commits/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138

lists.debian.org/debian-lts-announce/2024/04/msg00019.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for VERACODE:46547