CVE-2024-44070

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 19, 2024

Summary

CVE-2024-44070 is a vulnerability affecting FRRouting (FRR) versions up to 10.1. The issue resides in the bgp_attr_encap function in bgpd/bgp_attr.c. The function does not check the actual remaining stream length before reading the value of a Type, Length, Value (TLV) element, potentially allowing an attacker to inject and manipulate malicious data during BGP sessions, leading to denial of service or unauthorized access.
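The missing check described above, shown as an added example that is not FRR's code: a TLV reader that compares the declared length with the bytes actually left before reading the value. The `cursor` and `tlv` types and the 1-byte type/length layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical read cursor and TLV layout (1-byte type, 1-byte length);
 * assumptions for illustration, not FRR's struct stream or wire format. */
struct cursor { const uint8_t *buf; size_t pos, end; };
struct tlv { uint8_t type, len; uint8_t value[255]; };

static size_t remaining(const struct cursor *c) { return c->end - c->pos; }

/* Read one TLV. Returns 0 on success, -1 if the input is malformed. */
int read_tlv(struct cursor *c, struct tlv *out)
{
    if (remaining(c) < 2)              /* the header itself must be present */
        return -1;
    out->type = c->buf[c->pos++];
    out->len = c->buf[c->pos++];
    /* Compare the declared length with the bytes actually left before
     * touching the value: the kind of check the summary says was absent. */
    if (out->len > remaining(c))
        return -1;
    memcpy(out->value, c->buf + c->pos, out->len);
    c->pos += out->len;
    return 0;
}

/* Parse a whole attribute body; returns the TLV count or -1 if malformed. */
int parse_tlvs(const uint8_t *buf, size_t len)
{
    struct cursor c = { buf, 0, len };
    struct tlv t;
    int n = 0;
    while (remaining(&c) > 0) {
        if (read_tlv(&c, &t) != 0)
            return -1;
        n++;
    }
    return n;
}

/* Constructed samples: two valid TLVs; one declaring 8 bytes with 2 left. */
const uint8_t sample_ok[] = { 0x01, 0x02, 0xAA, 0xBB, 0x02, 0x00 };
const uint8_t sample_short[] = { 0x01, 0x08, 0xAA, 0xBB };

int main(void)
{
    return !(parse_tlvs(sample_ok, sizeof sample_ok) == 2 &&
             parse_tlvs(sample_short, sizeof sample_short) == -1);
}
```

A parser written this way rejects the whole attribute as malformed instead of reading past the end of the received data.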
