VDB
CVE-2024-44070
CVE-2024-44070
PUBLISHED
Es besteht eine Schwachstelle im FRRouting-Projekt FRRouting. In "bgp_attr_encap" wird nicht die tatsächliche verbleibende Streamlänge überprüft, bevor der TLV-Wert übernommen wird. Dies kann zu einem Pufferüberlauf führen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle für einen Denial of Service Angriff und potenziell zur Ausführung von beliebigem Code ausnutzen.
EPSS 0.12% · 30.5th percentile
Risk Scores
EPSS Score
0.12%
30.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FRRouting Project | FRRouting Project FRRouting <=10.1 | |
| Debian | Debian Linux | |
| Fedora | Fedora Linux | |
| Ubuntu | Ubuntu Linux | |
| SUSE | SUSE Linux |
Exploit Intelligence
Timeline
- Aug 19, 2024 CVE Published
- Aug 19, 2024 EPSS Score
- Aug 19, 2024 PoC Published
- Sep 9, 2024 EPSS Score
- Sep 29, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 20, 2024 EPSS Score
- Nov 9, 2024 EPSS Score
- Nov 30, 2024 EPSS Score
- Dec 22, 2024 EPSS Score
- Jan 11, 2025 EPSS Score
- Jan 27, 2025 CVE Updated
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1894.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1894 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-44070 advisory
- https://github.com/FRRouting/frr/pull/16497 advisory
- https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-September/019368.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-September/019358.html advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-2fff2b9a18 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-1b36a483cc advisory
- https://ubuntu.com/security/notices/USN-7017-1 advisory
- https://ubuntu.com/security/notices/USN-7016-1 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-September/019517.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-September/019518.html advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/UVZ6ERSN5V63IGZLHDTYOHAZWMZUKHHP/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/BBQ2F6B52UDKPMMML6F24O4RGXPC3B6U/ advisory
- https://ubuntu.com/security/notices/USN-7230-2 advisory
- https://ubuntu.com/security/notices/USN-7230-1 advisory