Bugzilla – Bug 1222526
VUL-0: CVE-2024-31950: frr,quagga: buffer overflow and daemon crash in ospf_te_parse_ri
Last modified: 2024-07-03 06:00:06 UTC
In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated). References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-31950 https://www.cve.org/CVERecord?id=CVE-2024-31950 https://github.com/FRRouting/frr/pull/15674/ https://github.com/FRRouting/frr/pull/15674/commits/6b84541df71772f697a7f9e6b2aaf72536aab775 https://bugzilla.redhat.com/show_bug.cgi?id=2273995
Upstream fix is not merged yet. Tracking frr only as affected: - SUSE:SLE-15-SP3:Update/frr - SUSE:SLE-15-SP5:Update/frr - openSUSe:Factory/frr
SUSE-SU-2024:1971-1: An update that solves three vulnerabilities can now be installed. Category: security (important) Bug References: 1222526, 1222528, 1223786 CVE References: CVE-2024-31950, CVE-2024-31951, CVE-2024-34088 Maintenance Incident: [SUSE:Maintenance:34170](https://smelt.suse.de/incident/34170/) Sources used: openSUSE Leap 15.5 (src): frr-8.4-150500.4.23.1 openSUSE Leap 15.6 (src): frr-8.4-150500.4.23.1 Server Applications Module 15-SP5 (src): frr-8.4-150500.4.23.1 Server Applications Module 15-SP6 (src): frr-8.4-150500.4.23.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.