CVE-2024-31949

MEDIUM

FRR <9.1 - DoS

Title source: llm

Description

In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.

References (4)

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html

[Issue Tracking] https://github.com/FRRouting/frr/pull/15640

[Patch] https://github.com/FRRouting/frr/pull/15640/commits/30a332dad86fafd2b0b6c61d23de59ed969a219b

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html

Scores

CVSS v3 6.5

EPSS 0.0004

EPSS Percentile 10.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-835

Status published

Products (1)

frrouting/frrouting < 9.1

Published Apr 07, 2024

Tracked Since Feb 18, 2026