Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[GHSA-hrrq-wpmq-47mf] In FRRouting (FRR) before 10.3, it is possible for an... #5147

Closed
wants to merge 1 commit into from
Closed

[GHSA-hrrq-wpmq-47mf] In FRRouting (FRR) before 10.3, it is possible for an... #5147

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 39 additions & 6 deletions advisories/unreviewed/2025/01/GHSA-hrrq-wpmq-47mf/GHSA-hrrq-wpmq-47mf.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,31 +1,64 @@
{
"schema_version": "1.4.0",
"id": "GHSA-hrrq-wpmq-47mf",
"modified": "2025-01-07T00:31:40Z",
"modified": "2025-01-07T00:31:49Z",
"published": "2025-01-07T00:31:40Z",
"aliases": [
"CVE-2024-55553"
],
"details": "In FRRouting (FRR) before 10.3, it is possible for an attacker to trigger repeated RIB revalidation by sending approximately 500 RPKI updates, potentially leading to prolonged revalidation times and a Denial of Service (DoS) scenario.",
"severity": [],
"affected": [],
"summary": "FRRouting (FRR) 10.3 revalidates the full routing-table when receiving more than ~300 RTR PDUs in an update",
"details": "In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. This can be used by an attacker to trigger re-parsing of the RIB for FRR routers using RTR by causing more than this number of updates during an update interval (usually 30 minutes). Additionally, this effect regularly occurs organically.\n\nFurthermore, an attacker can use this to continuously trigger route validation. Given that routers with large full-tables may need more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be used to impact route handling performance of all FRR instances using RPKI globally.\n\nAdditionally, the re-validation will cause heightened BMP traffic to ingestors.\n\nAffected Versions: FRRouting <6.0\nFixed Versions: 10.0.3, 10.1.2, 10.2.1, 10.3",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L"
}
],
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": ""
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
}
]
}
]
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55553"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/issues/17533"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/pull/17586/commits/b0800bfdf04b4fcf48504737ebfe4ba7f05268d3"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/commit/4ce826764487b07c2bc3f2bf0f1986001afd93c0"
},
{
"type": "WEB",
"url": "https://frrouting.org/security/cve-2024-55553"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [

],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-06T23:15:07Z"
Expand Down
Loading