CVE-2024-31948 - OpenCVE

In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Frrouting	Frrouting

Configuration 1 [-]

cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/FRRouting/frr/pull/15628
https://github.com/FRRouting/frr/pull/15628/commits/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138
https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html
https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html
https://nvd.nist.gov/vuln/detail/CVE-2024-31948
https://www.cve.org/CVERecord?id=CVE-2024-31948

History

Tue, 04 Nov 2025 17:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-04-07T00:00:00.000Z

Updated: 2025-11-04T16:12:07.742Z

Reserved: 2024-04-07T00:00:00.000Z

Link: CVE-2024-31948

Vulnrichment

Updated: 2024-04-29T17:31:05.520Z

NVD

Status : Modified

Published: 2024-04-07T21:15:07.423

Modified: 2025-11-04T17:15:51.650

Link: CVE-2024-31948

Redhat

Severity : Moderate

Publid Date: 2024-04-07T00:00:00Z

Links: CVE-2024-31948 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-31948", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-11-04T16:12:07.742Z", "dateReserved": "2024-04-07T00:00:00.000Z", "datePublished": "2024-04-07T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-28T07:06:14.531Z"}, "descriptions": [{"lang": "en", "value": "In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/FRRouting/frr/pull/15628"}, {"url": "https://github.com/FRRouting/frr/pull/15628/commits/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138"}, {"name": "[debian-lts-announce] 20240428 [SECURITY] [DLA 3797-1] frr security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-31948", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-29T17:23:10.377527Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*"], "vendor": "frrouting", "product": "frrouting", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1287", "description": "CWE-1287 Improper Validation of Specified Type of Input"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:36:15.479Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://github.com/FRRouting/frr/pull/15628", "tags": ["x_transferred"]}, {"url": "https://github.com/FRRouting/frr/pull/15628/commits/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20240428 [SECURITY] [DLA 3797-1] frr security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T16:12:07.742Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-31948", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-06-04T17:36:15.479Z", "dateReserved": "2024-04-07T00:00:00", "datePublished": "2024-04-07T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-28T07:06:14.531873"}, "descriptions": [{"lang": "en", "value": "In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/FRRouting/frr/pull/15628"}, {"url": "https://github.com/FRRouting/frr/pull/15628/commits/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138"}, {"name": "[debian-lts-announce] 20240428 [SECURITY] [DLA 3797-1] frr security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-31948", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-29T17:23:10.377527Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*"], "vendor": "frrouting", "product": "frrouting", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1287", "description": "CWE-1287 Improper Validation of Specified Type of Input"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-29T17:31:05.520Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5B5FAA5-AC63-4329-A4F8-6EBD2CB12618", "versionEndIncluding": "9.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash."}, {"lang": "es", "value": "En FRRouting (FRR) hasta 9.1, un atacante que utiliza un atributo SID de prefijo con formato incorrecto en un paquete de BGP UPDATE puede provocar que el daemon bgpd falle."}], "id": "CVE-2024-31948", "lastModified": "2025-11-04T17:15:51.650", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-07T21:15:07.423", "references": [{"source": "[email protected]", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/FRRouting/frr/pull/15628"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/FRRouting/frr/pull/15628/commits/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138"}, {"source": "[email protected]", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/FRRouting/frr/pull/15628"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/FRRouting/frr/pull/15628/commits/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1287"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "frr: bgpd daemon crash", "id": "2273982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273982"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-248", "details": ["In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.", "An uncaught exception flaw was found in FRRouting. This flaw allows an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet to cause the bgpd daemon to crash."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-31948", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "frr", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "frr", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "frr", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-31948\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-31948\nhttps://github.com/FRRouting/frr/pull/15628"], "statement": "The uncaught exception flaw in FRRouting's bgpd daemon, triggered by a malformed Prefix SID attribute in a BGP UPDATE packet, poses a moderate severity risk due to its potential to cause a denial of service (DoS) condition. While the vulnerability results in a crash of the bgpd daemon, leading to disruption of routing services, it primarily affects the availability aspect of the CIA triad (Confidentiality, Integrity, and Availability). Although the flaw does not directly expose sensitive information or allow unauthorized access to the system, the ability to crash a critical routing component could impact network operations and service availability. However, the exploitation requires a targeted and deliberate action by an attacker, limiting its immediate widespread impact compared to high severity vulnerabilities that could lead to data breaches or complete system compromise.", "threat_severity": "Moderate"}