CVE-2024-27913 in FRRoutinginfo

Summary

by MITRE • 02/28/2024

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 06/14/2025

The vulnerability identified as CVE-2024-27913 affects FRRouting versions through 9.1 and resides within the ospf_te_parse_te function in the ospfd/ospf_te.c module. This issue represents a classic buffer over-read or null pointer dereference scenario that occurs when processing OSPF Link State Advertisement packets. The flaw specifically manifests when the daemon encounters malformed OSPF LSA packets containing tunnel extended attributes that are improperly structured or missing required fields. The vulnerability stems from insufficient input validation and error handling mechanisms within the OSPF traffic engineering parsing logic, creating a path where the code attempts to access memory locations that have not been properly initialized or allocated.

The technical implementation of this vulnerability involves the ospfd daemon's failure to properly validate the structure of OSPF LSA packets before attempting to parse tunnel extended attributes. When a malformed packet arrives containing incomplete or incorrectly formatted tunnel information, the parsing function attempts to access fields that may not exist in the packet structure, leading to an access violation that crashes the daemon process. This type of vulnerability falls under CWE-125, which describes out-of-bounds read conditions, and potentially CWE-476, which covers null pointer dereference scenarios. The operational impact is significant as it enables remote attackers to perform denial of service attacks against OSPF routing daemons without requiring authentication or specialized privileges.

The attack vector for CVE-2024-27913 operates over the standard OSPF communication channels where malicious actors can inject crafted LSA packets into the network topology. This attack can be executed from any location capable of sending OSPF packets to the vulnerable FRRouting daemon, making it particularly dangerous in network environments where OSPF is actively used for routing. The crash of the ospfd daemon results in temporary loss of routing functionality within the affected network segment, potentially causing routing disruptions that affect network availability and performance. According to ATT&CK framework, this vulnerability maps to T1499.004 which covers network denial of service attacks, and T1595.001 which involves network scanning and reconnaissance activities that could precede such attacks.

Mitigation strategies for this vulnerability should include immediate patching of FRRouting installations to versions that address the parsing logic flaws in the ospf_te.c module. Network administrators should also implement ingress filtering and packet validation mechanisms to detect and drop malformed OSPF packets before they reach the routing daemon. Additionally, monitoring systems should be configured to alert on ospfd daemon crashes or restarts, which could indicate exploitation attempts. The recommended approach aligns with industry best practices for network security defense in depth, where multiple layers of protection are implemented to prevent or minimize the impact of such vulnerabilities. Organizations should also consider implementing network segmentation strategies to limit the potential blast radius of such attacks and ensure that critical network infrastructure components are properly isolated from untrusted network segments.

Reservation

02/28/2024

Disclosure

02/28/2024

Moderation

accepted

CPE

ready

EPSS

0.00320

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!