Bugzilla – Bug 1223786
VUL-0: CVE-2024-34088: frr,quagga: frr: null pointer via get_edge() function can trigger a denial of service
Last modified: 2024-06-12 07:48:45 UTC
In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-34088 https://www.cve.org/CVERecord?id=CVE-2024-34088 https://github.com/FRRouting/frr/pull/15674/commits/34d704fb0ea60dc5063af477a2c11d4884984d4f https://bugzilla.redhat.com/show_bug.cgi?id=2278067
As of 2024-04-02, the upstream PR that contains a suggested fix for this issue [0] has not yet been merged. [0] https://github.com/FRRouting/frr/pull/15674
The vulnerable code seems to have been introduced with commit https://github.com/FRRouting/frr/commit/f173deb35206a09e8dc22828cb08638e289b72a5 (which is in turn a part of https://github.com/FRRouting/frr/pull/8137). Therefore, it is likely that frr packages at versions prior to 8.0.0 are not affected by this issue.
SUSE-SU-2024:1971-1: An update that solves three vulnerabilities can now be installed. Category: security (important) Bug References: 1222526, 1222528, 1223786 CVE References: CVE-2024-31950, CVE-2024-31951, CVE-2024-34088 Maintenance Incident: [SUSE:Maintenance:34170](https://smelt.suse.de/incident/34170/) Sources used: openSUSE Leap 15.5 (src): frr-8.4-150500.4.23.1 openSUSE Leap 15.6 (src): frr-8.4-150500.4.23.1 Server Applications Module 15-SP5 (src): frr-8.4-150500.4.23.1 Server Applications Module 15-SP6 (src): frr-8.4-150500.4.23.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
All done, closing.