AZL-39815

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-39815.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-39815

Upstream

CVE-2024-31951

Published

2024-04-07T21:15:07Z

Modified

2026-04-01T05:13:29.951052Z

Summary

CVE-2024-31951 affecting package frr for versions less than 8.5.5-1

Details

In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospfteparseextlink for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).

References

https://nvd.nist.gov/vuln/detail/CVE-2024-31951

Affected packages

Azure Linux:2 / frr

Package

Name: frr
Purl: pkg:rpm/azure-linux/frr

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.5.5-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-39815.json"