CVE-2024-55553

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-55553
In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than this number of updates during an update interval (usually 30 minutes). Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this to trigger route validation continuously. Given that routers with large full tables may need more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally. Additionally, the re-validation will cause heightened BMP traffic to ingestors. Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://frrouting.org/security/cve-2024-55553/
https://github.com/FRRouting/frr/pull/17586/commits/b0800bfdf04b4fcf48504737ebfe4ba7f05268d3
https://lists.debian.org/debian-lts-announce/2025/01/msg00023.html
Configurations

No configuration.

History

23 Jan 2025, 18:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/01/msg00023.html -

16 Jan 2025, 19:15

Type Values Removed Values Added
Summary (en) In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than this number of updates during an update interval (usually 30 minutes). Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this to trigger route validation continuously. Given that routers with large full tables may need more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally. Additionally, the re-validation will cause heightened BMP traffic to ingestors. Affected Versions: FRRouting <6.0. Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3. (en) In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than this number of updates during an update interval (usually 30 minutes). Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this to trigger route validation continuously. Given that routers with large full tables may need more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally. Additionally, the re-validation will cause heightened BMP traffic to ingestors. Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3.

09 Jan 2025, 22:15

Type Values Removed Values Added
Summary (en) In FRRouting (FRR) before 10.3, it is possible for an attacker to trigger repeated RIB revalidation by sending approximately 500 RPKI updates, potentially leading to prolonged revalidation times and a Denial of Service (DoS) scenario. (en) In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than this number of updates during an update interval (usually 30 minutes). Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this to trigger route validation continuously. Given that routers with large full tables may need more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally. Additionally, the re-validation will cause heightened BMP traffic to ingestors. Affected Versions: FRRouting <6.0. Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3.

07 Jan 2025, 16:15

Type Values Removed Values Added
Summary
  • (es) En FRRouting (FRR) anterior a 10.3, es posible que un atacante active la revalidación repetida de RIB enviando aproximadamente 500 actualizaciones de RPKI, lo que potencialmente genera tiempos de revalidación prolongados y un escenario de denegación de servicio (DoS).
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CWE CWE-404

06 Jan 2025, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-06 23:15

Updated : 2025-01-23 18:15

NVD link : CVE-2024-55553

Mitre link : CVE-2024-55553

CVE.ORG link : CVE-2024-55553

JSON object : View

Products Affected

No product.

CWE
CWE-404

Improper Resource Shutdown or Release