In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1 there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).

...

CVE-2024-31951

FRRouting FRR in versions up to 9.1 is affected by CVE-2024-31951 due to a bug in the Opaque LSA Extended Link parser (ospf_te_parse_ext_link) that can trigger a buffer overflow and daemon crash while reading Segment Routing Adjacency SID subTLVs because lengths are not validated. Exploitation st...

CVE-2024-31951

In the Opaque LSA Extended Link parser in FRRouting FRR through 9.1, there can be a buffer overflow and daemon crash in ospfteparseextlink for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs lengths are not validated...

PT-2024-6036 · Frrouting +5 · Frrouting +5

Name of the Vulnerable Software and Affected Versions: FRRouting versions through 9.1 Description: The issue is related to a buffer overflow in the Opaque LSA Extended Link parser, specifically in the ospf te parse ext link function, when handling OSPF LSA packets with Segment Routing Adjacency S...