AZL-39878

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-39878.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-39878

Upstream

CVE-2024-31950

Published

2024-04-07T21:15:07Z

Modified

2026-04-01T05:13:53.903687Z

Summary

CVE-2024-31950 affecting package frr for versions less than 8.5.5-1

Details

In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospfteparse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).

References

https://nvd.nist.gov/vuln/detail/CVE-2024-31950

Affected packages

Azure Linux:2 / frr

Package

Name: frr
Purl: pkg:rpm/azure-linux/frr

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.5.5-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-39878.json"