Bugzilla – Bug 1222528
VUL-0: CVE-2024-31951: frr,quagga: buffer overflow in ospf_te_parse_ext_link
Last modified: 2024-06-11 10:14:42 UTC
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated). References: https://github.com/FRRouting/frr/pull/15674/ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-31951 https://www.cve.org/CVERecord?id=CVE-2024-31951 https://github.com/FRRouting/frr/pull/15674/commits/344fb4be2bc27316c74b17003c05ea40be395836 https://bugzilla.redhat.com/show_bug.cgi?id=2273999
Upstream fix is not merged yet. Tracking frr only as affected: - SUSE:SLE-15-SP5:Update/frr - openSUSe:Factory/frr SUSE:SLE-15-SP3:Update/frr is not affected.
SUSE-SU-2024:1971-1: An update that solves three vulnerabilities can now be installed. Category: security (important) Bug References: 1222526, 1222528, 1223786 CVE References: CVE-2024-31950, CVE-2024-31951, CVE-2024-34088 Maintenance Incident: [SUSE:Maintenance:34170](https://smelt.suse.de/incident/34170/) Sources used: openSUSE Leap 15.5 (src): frr-8.4-150500.4.23.1 openSUSE Leap 15.6 (src): frr-8.4-150500.4.23.1 Server Applications Module 15-SP5 (src): frr-8.4-150500.4.23.1 Server Applications Module 15-SP6 (src): frr-8.4-150500.4.23.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
All done, closing.